Windows Analysis Report
Invoice-BL. Payment TT $ 16945.99.exe

Overview

General Information

Sample name:Invoice-BL. Payment TT $ 16945.99.exe
Analysis ID:1572212
MD5:eb7496ff2480e5b4fbd90e785a7328cd
SHA1:0039713076f0ccb54bfea4fa060b62eada29d39e
SHA256:d30d43ea8f103340a2307145035f404873d3d345f310dbeba6fa20f85d3fb790
Tags:exe, RedLineStealer, user-abuse_ch
Infos:

Detection

RedLine
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Scheduled temp file as task from temp location
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected RedLine Stealer
.NET source code contains potential unpacker
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Uses schtasks.exe or at.exe to add and modify task schedules
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates processes with suspicious names
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Sigma detected: Suspicious Add Scheduled Task Parent
Sigma detected: Suspicious Schtasks From Env Var Folder
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • Invoice-BL. Payment TT $ 16945.99.exe (PID: 6880 cmdline: "C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe" MD5: EB7496FF2480E5B4FBD90E785A7328CD)
    • powershell.exe (PID: 5960 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 3340 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WmiPrvSE.exe (PID: 7392 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
    • schtasks.exe (PID: 5940 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\haYzNpEpfrrs" /XML "C:\Users\user\AppData\Local\Temp\tmp4600.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 6776 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • haYzNpEpfrrs.exe (PID: 7264 cmdline: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe MD5: EB7496FF2480E5B4FBD90E785A7328CD)
    • schtasks.exe (PID: 7496 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\haYzNpEpfrrs" /XML "C:\Users\user\AppData\Local\Temp\tmpBEE8.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 7504 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • haYzNpEpfrrs.exe (PID: 7540 cmdline: "C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe" MD5: EB7496FF2480E5B4FBD90E785A7328CD)
    • haYzNpEpfrrs.exe (PID: 7548 cmdline: "C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe" MD5: EB7496FF2480E5B4FBD90E785A7328CD)
    • haYzNpEpfrrs.exe (PID: 7556 cmdline: "C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe" MD5: EB7496FF2480E5B4FBD90E785A7328CD)
  • cleanup
Name: RedLine Stealer
Description: RedLine Stealer is a malware available on underground forums for sale apparently as a standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer
{"C2 url": ["45.137.22.164:1912"], "Bot Id": "SystemCache", "Authorization Header": "c74790bd166600f1f665c8ce201776eb"}
Source | Rule | Description | Author
dump.pcap | JoeSecurity_RedLine_1 | Yara detected RedLine Stealer | Joe Security
dump.pcap | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
00000006.00000002.1798528235.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
0.2.Invoice-BL. Payment TT $ 16945.99.exe.3cd4cb0.1.raw.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
0.2.Invoice-BL. Payment TT $ 16945.99.exe.3cd4cb0.1.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
6.2.Invoice-BL. Payment TT $ 16945.99.exe.400000.0.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
0.2.Invoice-BL. Payment TT $ 16945.99.exe.3c89a90.0.raw.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
0.2.Invoice-BL. Payment TT $ 16945.99.exe.3c89a90.0.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security

System Summary

Source: Process started, Author: Florian Roth (Nextron Systems), Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe", ParentImage: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe, ParentProcessId: 6880, ParentProcessName: Invoice-BL. Payment TT $ 16945.99.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe", ProcessId: 5960, ProcessName: powershell.exe
Source: Process started, Author: Florian Roth (Nextron Systems), Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\haYzNpEpfrrs" /XML "C:\Users\user\AppData\Local\Temp\tmpBEE8.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\haYzNpEpfrrs" /XML "C:\Users\user\AppData\Local\Temp\tmpBEE8.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe, ParentImage: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe, ParentProcessId: 7264, ParentProcessName: haYzNpEpfrrs.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\haYzNpEpfrrs" /XML "C:\Users\user\AppData\Local\Temp\tmpBEE8.tmp", ProcessId: 7496, ProcessName: schtasks.exe
Source: Process started, Author: Florian Roth (Nextron Systems), Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\haYzNpEpfrrs" /XML "C:\Users\user\AppData\Local\Temp\tmp4600.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\haYzNpEpfrrs" /XML "C:\Users\user\AppData\Local\Temp\tmp4600.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe", ParentImage: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe, ParentProcessId: 6880, ParentProcessName: Invoice-BL. Payment TT $ 16945.99.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\haYzNpEpfrrs" /XML "C:\Users\user\AppData\Local\Temp\tmp4600.tmp", ProcessId: 5940, ProcessName: schtasks.exe
Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements), Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe", ParentImage: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe, ParentProcessId: 6880, ParentProcessName: Invoice-BL. Payment TT $ 16945.99.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe", ProcessId: 5960, ProcessName: powershell.exe

Persistence and Installation Behavior

Source: Process started, Author: Joe Security, Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\haYzNpEpfrrs" /XML "C:\Users\user\AppData\Local\Temp\tmp4600.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\haYzNpEpfrrs" /XML "C:\Users\user\AppData\Local\Temp\tmp4600.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe", ParentImage: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe, ParentProcessId: 6880, ParentProcessName: Invoice-BL. Payment TT $ 16945.99.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\haYzNpEpfrrs" /XML "C:\Users\user\AppData\Local\Temp\tmp4600.tmp", ProcessId: 5940, ProcessName: schtasks.exe
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-10T09:17:02.420478+0100 | 2043234 | 1 | A Network Trojan was detected | 45.137.22.164 | 1912 | 192.168.2.4 | 49733 | TCP
2024-12-10T09:17:07.682772+0100 | 2043234 | 1 | A Network Trojan was detected | 45.137.22.164 | 1912 | 192.168.2.4 | 49736 | TCP
2024-12-10T09:17:02.030831+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.4 | 49733 | 45.137.22.164 | 1912 | TCP
2024-12-10T09:17:06.742113+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.4 | 49736 | 45.137.22.164 | 1912 | TCP
2024-12-10T09:17:07.543715+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.4 | 49733 | 45.137.22.164 | 1912 | TCP
2024-12-10T09:17:10.554388+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.4 | 49733 | 45.137.22.164 | 1912 | TCP
2024-12-10T09:17:11.009802+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.4 | 49733 | 45.137.22.164 | 1912 | TCP
2024-12-10T09:17:12.811063+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.4 | 49736 | 45.137.22.164 | 1912 | TCP
2024-12-10T09:17:15.615330+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.4 | 49736 | 45.137.22.164 | 1912 | TCP
2024-12-10T09:17:16.056822+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.4 | 49736 | 45.137.22.164 | 1912 | TCP
2024-12-10T09:17:09.080209+0100 | 2046056 | 1 | A Network Trojan was detected | 45.137.22.164 | 1912 | 192.168.2.4 | 49733 | TCP
2024-12-10T09:17:14.206852+0100 | 2046056 | 1 | A Network Trojan was detected | 45.137.22.164 | 1912 | 192.168.2.4 | 49736 | TCP
2024-12-10T09:17:02.030831+0100 | 2046045 | 1 | A Network Trojan was detected | 192.168.2.4 | 49733 | 45.137.22.164 | 1912 | TCP
2024-12-10T09:17:06.742113+0100 | 2046045 | 1 | A Network Trojan was detected | 192.168.2.4 | 49736 | 45.137.22.164 | 1912 | TCP

AV Detection

Source: 00000000.00000002.1687136757.0000000003B01000.00000004.00000800.00020000.00000000.sdmp, Malware Configuration Extractor: RedLine {"C2 url": ["45.137.22.164:1912"], "Bot Id": "SystemCache", "Authorization Header": "c74790bd166600f1f665c8ce201776eb"}
Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe, ReversingLabs: Detection: 28%
Source: Invoice-BL. Payment TT $ 16945.99.exe, ReversingLabs: Detection: 28%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe, Joe Sandbox ML: detected
Source: Invoice-BL. Payment TT $ 16945.99.exe, Joe Sandbox ML: detected
Source: Invoice-BL. Payment TT $ 16945.99.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: Invoice-BL. Payment TT $ 16945.99.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: jXdm.pdbSHA256T source: Invoice-BL. Payment TT $ 16945.99.exe, haYzNpEpfrrs.exe.0.dr
Source: Binary string: jXdm.pdb source: Invoice-BL. Payment TT $ 16945.99.exe, haYzNpEpfrrs.exe.0.dr
Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe, Code function: 4x nop then jmp 077466EAh, 6_2_07746428
Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe, Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h, 6_2_07743BE0
Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe, Code function: 4x nop then jmp 07745D8Ah, 6_2_07745968
Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe, Code function: 4x nop then jmp 0774620Ah, 6_2_07745968
Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe, Code function: 4x nop then jmp 0774540Bh, 6_2_077451D8
Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe, Code function: 4x nop then jmp 077419BFh, 6_2_077419A7
Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe, Code function: 4x nop then jmp 0774040Dh, 6_2_07740040
Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe, Code function: 4x nop then jmp 0774040Dh, 6_2_0774001B
Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe, Code function: 4x nop then jmp 0774040Dh, 6_2_07740007
Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe, Code function: 4x nop then jmp 06FB5C23h, 13_2_06FB59F0
Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe, Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h, 13_2_06FB39A0
Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe, Code function: 4x nop then jmp 06FB65A2h, 13_2_06FB6180
Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe, Code function: 4x nop then jmp 06FB6A22h, 13_2_06FB6180
Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe, Code function: 4x nop then jmp 06FB3565h, 13_2_06FB3198
Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe, Code function: 4x nop then jmp 06FB3565h, 13_2_06FB3189

Networking

Source: Network traffic, Suricata IDS: 2043231 - Severity 1 - ET MALWARE Redline Stealer TCP CnC Activity : 192.168.2.4:49733 -> 45.137.22.164:1912
Source: Network traffic, Suricata IDS: 2043231 - Severity 1 - ET MALWARE Redline Stealer TCP CnC Activity : 192.168.2.4:49736 -> 45.137.22.164:1912
Source: Network traffic, Suricata IDS: 2046045 - Severity 1 - ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) : 192.168.2.4:49733 -> 45.137.22.164:1912
Source: Network traffic, Suricata IDS: 2046045 - Severity 1 - ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) : 192.168.2.4:49736 -> 45.137.22.164:1912
Source: Network traffic, Suricata IDS: 2043234 - Severity 1 - ET MALWARE Redline Stealer TCP CnC - Id1Response : 45.137.22.164:1912 -> 192.168.2.4:49733
Source: Network traffic, Suricata IDS: 2043234 - Severity 1 - ET MALWARE Redline Stealer TCP CnC - Id1Response : 45.137.22.164:1912 -> 192.168.2.4:49736
Source: Network traffic, Suricata IDS: 2046056 - Severity 1 - ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) : 45.137.22.164:1912 -> 192.168.2.4:49733
Source: Network traffic, Suricata IDS: 2046056 - Severity 1 - ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) : 45.137.22.164:1912 -> 192.168.2.4:49736
Source: Malware configuration extractor, URLs: 45.137.22.164:1912
Source: global traffic, TCP traffic: 192.168.2.4:49733 -> 45.137.22.164:1912
Source: Joe Sandbox View, ASN Name: ROOTLAYERNETNL ROOTLAYERNETNL
Source: unknown, TCP traffic detected without corresponding DNS query: 45.137.22.164
Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmp, Strings found in binary or memory:
  • http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
  • http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary
  • http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text
  • http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
  • http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
  • http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif
  • http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ
  • http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510
  • http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1
  • http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license
  • http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID
  • http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID
  • http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1
  • http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
  • http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
  • http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1
  • http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1
  • http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800294591.000000000101E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://purl.oen
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002B71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002B71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2002/12/policy
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/sc
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/06/addressingex
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002B71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002B71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/fault
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002B71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Commit
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepared
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/fault
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponse
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/fault
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002B71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002B71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002B71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002B71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002B71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002B71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002B71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rmX
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002B71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000000.00000002.1684498941.0000000002B01000.00000004.00000800.00020000.00000000.sdmp, Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 00000007.00000002.1738139117.0000000002521000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002B71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C06000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002B71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/

                          System Summary

                          Source: initial sample, Static PE information: Filename: Invoice-BL. Payment TT $ 16945.99.exe
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exeCode function: 13_2_06FB4AD813_2_06FB4AD8
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exeCode function: 13_2_06FB20F013_2_06FB20F0
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exeCode function: 13_2_06FB319813_2_06FB3198
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exeCode function: 13_2_06FB399013_2_06FB3990
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exeCode function: 13_2_06FB318913_2_06FB3189
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exeCode function: 13_2_06FB617013_2_06FB6170
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000000.00000002.1682696891.0000000000B6E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs Invoice-BL. Payment TT $ 16945.99.exe
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000000.00000002.1695792598.0000000009120000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs Invoice-BL. Payment TT $ 16945.99.exe
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000000.00000000.1649883210.00000000006A2000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamejXdm.exeJ vs Invoice-BL. Payment TT $ 16945.99.exe
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000000.00000002.1687136757.0000000003D25000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSteanings.exe8 vs Invoice-BL. Payment TT $ 16945.99.exe
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000000.00000002.1687136757.0000000003D25000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs Invoice-BL. Payment TT $ 16945.99.exe
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000000.00000002.1687136757.0000000003B01000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameArthur.dll" vs Invoice-BL. Payment TT $ 16945.99.exe
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000000.00000002.1687136757.0000000003B01000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs Invoice-BL. Payment TT $ 16945.99.exe
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000000.00000002.1687136757.0000000003CCC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSteanings.exe8 vs Invoice-BL. Payment TT $ 16945.99.exe
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000000.00000002.1687136757.0000000003D17000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSteanings.exe8 vs Invoice-BL. Payment TT $ 16945.99.exe
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000000.00000002.1695001468.0000000007880000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameArthur.dll" vs Invoice-BL. Payment TT $ 16945.99.exe
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1798528235.0000000000446000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSteanings.exe8 vs Invoice-BL. Payment TT $ 16945.99.exe
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs Invoice-BL. Payment TT $ 16945.99.exe
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.00000000029C3000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamefirefox.exe0 vs Invoice-BL. Payment TT $ 16945.99.exe
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.00000000029C3000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $kq,\\StringFileInfo\\000004B0\\OriginalFilename vs Invoice-BL. Payment TT $ 16945.99.exe
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.00000000029C3000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamechrome.exe< vs Invoice-BL. Payment TT $ 16945.99.exe
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.00000000029C3000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $kq,\\StringFileInfo\\040904B0\\OriginalFilename vs Invoice-BL. Payment TT $ 16945.99.exe
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.00000000029C3000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameIEXPLORE.EXE.MUID vs Invoice-BL. Payment TT $ 16945.99.exe
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.00000000029C3000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameIEXPLORE.EXED vs Invoice-BL. Payment TT $ 16945.99.exe
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.00000000029C3000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $kq,\\StringFileInfo\\080904B0\\OriginalFilename vs Invoice-BL. Payment TT $ 16945.99.exe
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.00000000029C3000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemsedge.exe> vs Invoice-BL. Payment TT $ 16945.99.exe
                          Source: Invoice-BL. Payment TT $ 16945.99.exeBinary or memory string: OriginalFilenamejXdm.exeJ vs Invoice-BL. Payment TT $ 16945.99.exe
                          Source: Invoice-BL. Payment TT $ 16945.99.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                          Source: Invoice-BL. Payment TT $ 16945.99.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                          Source: haYzNpEpfrrs.exe.0.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                          Source: 0.2.Invoice-BL. Payment TT $ 16945.99.exe.3db1d88.2.raw.unpack, ESUYSjpJ1jS9kdLtPJ.csSecurity API names: _0020.SetAccessControl
                          Source: 0.2.Invoice-BL. Payment TT $ 16945.99.exe.3db1d88.2.raw.unpack, ESUYSjpJ1jS9kdLtPJ.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                          Source: 0.2.Invoice-BL. Payment TT $ 16945.99.exe.3db1d88.2.raw.unpack, ESUYSjpJ1jS9kdLtPJ.csSecurity API names: _0020.AddAccessRule
                          Source: 0.2.Invoice-BL. Payment TT $ 16945.99.exe.3bfa470.3.raw.unpack, ESUYSjpJ1jS9kdLtPJ.csSecurity API names: _0020.SetAccessControl
                          Source: 0.2.Invoice-BL. Payment TT $ 16945.99.exe.3bfa470.3.raw.unpack, ESUYSjpJ1jS9kdLtPJ.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                          Source: 0.2.Invoice-BL. Payment TT $ 16945.99.exe.3bfa470.3.raw.unpack, ESUYSjpJ1jS9kdLtPJ.csSecurity API names: _0020.AddAccessRule
                          Source: 0.2.Invoice-BL. Payment TT $ 16945.99.exe.9120000.5.raw.unpack, eP7KFHYxkowkSxeuGX.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                          Source: 0.2.Invoice-BL. Payment TT $ 16945.99.exe.3db1d88.2.raw.unpack, eP7KFHYxkowkSxeuGX.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                          Source: 0.2.Invoice-BL. Payment TT $ 16945.99.exe.3bfa470.3.raw.unpack, eP7KFHYxkowkSxeuGX.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                          Source: 0.2.Invoice-BL. Payment TT $ 16945.99.exe.9120000.5.raw.unpack, ESUYSjpJ1jS9kdLtPJ.csSecurity API names: _0020.SetAccessControl
                          Source: 0.2.Invoice-BL. Payment TT $ 16945.99.exe.9120000.5.raw.unpack, ESUYSjpJ1jS9kdLtPJ.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                          Source: 0.2.Invoice-BL. Payment TT $ 16945.99.exe.9120000.5.raw.unpack, ESUYSjpJ1jS9kdLtPJ.csSecurity API names: _0020.AddAccessRule
                          Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@20/11@0/1
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeFile created: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exeJump to behavior
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exeMutant created: NULL
                          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6776:120:WilError_03
                          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3340:120:WilError_03
                          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7504:120:WilError_03
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exeMutant created: \Sessions\1\BaseNamedObjects\Global\.net data provider for sqlserver
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeFile created: C:\Users\user\AppData\Local\Temp\tmp4600.tmpJump to behavior
                          Source: Invoice-BL. Payment TT $ 16945.99.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                          Source: Invoice-BL. Payment TT $ 16945.99.exeReversingLabs: Detection: 28%
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeFile read: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeJump to behavior
                          Source: unknownProcess created: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe "C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe"
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe"
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\haYzNpEpfrrs" /XML "C:\Users\user\AppData\Local\Temp\tmp4600.tmp"
                          Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeProcess created: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe "C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe"
                          Source: unknownProcess created: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\haYzNpEpfrrs" /XML "C:\Users\user\AppData\Local\Temp\tmpBEE8.tmp"
                          Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exeProcess created: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe "C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe"
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exeProcess created: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe "C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe"
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exeProcess created: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe "C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe"
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeSection loaded: mscoree.dllJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeSection loaded: apphelp.dllJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeSection loaded: kernel.appcore.dllJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeSection loaded: version.dllJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeSection loaded: uxtheme.dllJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeSection loaded: windows.storage.dllJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeSection loaded: wldp.dllJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeSection loaded: profapi.dllJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeSection loaded: cryptsp.dllJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeSection loaded: rsaenh.dllJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeSection loaded: cryptbase.dllJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeSection loaded: dwrite.dllJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeSection loaded: windowscodecs.dllJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeSection loaded: textshaping.dllJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeSection loaded: amsi.dllJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeSection loaded: userenv.dllJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeSection loaded: msasn1.dllJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeSection loaded: gpapi.dllJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeSection loaded: ntmarta.dllJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeSection loaded: sspicli.dllJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeSection loaded: propsys.dllJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeSection loaded: edputil.dllJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeSection loaded: urlmon.dllJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeSection loaded: iertutil.dllJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeSection loaded: srvcli.dllJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeSection loaded: netutils.dllJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeSection loaded: wintypes.dllJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeSection loaded: appresolver.dllJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeSection loaded: bcp47langs.dllJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeSection loaded: slc.dllJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeSection loaded: sppc.dllJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                          Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                          Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dllJump to behavior
                          Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dllJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeSection loaded: mscoree.dllJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeSection loaded: kernel.appcore.dllJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeSection loaded: version.dllJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe Section loaded: uxtheme.dll
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe Section loaded: windows.storage.dll
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe Section loaded: wldp.dll
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe Section loaded: profapi.dll
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe Section loaded: cryptsp.dll
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe Section loaded: rsaenh.dll
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe Section loaded: cryptbase.dll
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe Section loaded: dwrite.dll
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe Section loaded: msvcp140_clr0400.dll
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe Section loaded: mswsock.dll
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe Section loaded: sspicli.dll
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe Section loaded: secur32.dll
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe Section loaded: wbemcomn.dll
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe Section loaded: amsi.dll
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe Section loaded: userenv.dll
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe Section loaded: windowscodecs.dll
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe Section loaded: dpapi.dll
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe Section loaded: rstrtmgr.dll
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe Section loaded: ncrypt.dll
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe Section loaded: ntasn1.dll
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Section loaded: mscoree.dll
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Section loaded: apphelp.dll
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Section loaded: kernel.appcore.dll
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Section loaded: version.dll
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Section loaded: vcruntime140_clr0400.dll
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Section loaded: ucrtbase_clr0400.dll
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Section loaded: uxtheme.dll
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Section loaded: windows.storage.dll
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Section loaded: wldp.dll
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Section loaded: profapi.dll
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Section loaded: cryptsp.dll
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Section loaded: rsaenh.dll
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Section loaded: cryptbase.dll
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Section loaded: dwrite.dll
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Section loaded: windowscodecs.dll
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Section loaded: textshaping.dll
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Section loaded: amsi.dll
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Section loaded: userenv.dll
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Section loaded: msasn1.dll
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Section loaded: gpapi.dll
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Section loaded: propsys.dll
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Section loaded: edputil.dll
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Section loaded: urlmon.dll
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Section loaded: iertutil.dll
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Section loaded: srvcli.dll
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Section loaded: netutils.dll
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Section loaded: windows.staterepositoryps.dll
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Section loaded: sspicli.dll
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Section loaded: wintypes.dll
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Section loaded: appresolver.dll
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Section loaded: bcp47langs.dll
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Section loaded: slc.dll
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Section loaded: sppc.dll
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Section loaded: onecorecommonproxystub.dll
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Section loaded: onecoreuapcommonproxystub.dll
                          Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: fastprox.dll
                          Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: ncobjapi.dll
                          Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: wbemcomn.dll
                          Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: kernel.appcore.dll
                          Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: mpclient.dll
                          Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: userenv.dll
                          Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: version.dll
                          Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: msasn1.dll
                          Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: wmitomi.dll
                          Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: mi.dll
                          Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: miutils.dll
                          Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: gpapi.dll
                          Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: kernel.appcore.dll
                          Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: taskschd.dll
                          Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: sspicli.dll
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Section loaded: mscoree.dll
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Section loaded: kernel.appcore.dll
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Section loaded: version.dll
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Section loaded: vcruntime140_clr0400.dll
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Section loaded: ucrtbase_clr0400.dll
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Section loaded: uxtheme.dll
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Section loaded: windows.storage.dll
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Section loaded: wldp.dll
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Section loaded: profapi.dll
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Section loaded: cryptsp.dll
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Section loaded: rsaenh.dll
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Section loaded: cryptbase.dll
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Section loaded: dwrite.dll
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Section loaded: msvcp140_clr0400.dll
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Section loaded: mswsock.dll
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Section loaded: sspicli.dll
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Section loaded: secur32.dll
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Section loaded: wbemcomn.dll
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Section loaded: amsi.dll
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Section loaded: userenv.dll
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Section loaded: dpapi.dll
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Section loaded: rstrtmgr.dll
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Section loaded: ncrypt.dll
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Section loaded: ntasn1.dll
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Section loaded: windowscodecs.dll
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                          Source: Window Recorder Window detected: More than 3 window changes detected
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                          Source: Invoice-BL. Payment TT $ 16945.99.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                          Source: Invoice-BL. Payment TT $ 16945.99.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                          Source: Invoice-BL. Payment TT $ 16945.99.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                          Source: Binary string: jXdm.pdbSHA256T source: Invoice-BL. Payment TT $ 16945.99.exe, haYzNpEpfrrs.exe.0.dr
                          Source: Binary string: jXdm.pdb source: Invoice-BL. Payment TT $ 16945.99.exe, haYzNpEpfrrs.exe.0.dr

                          Data Obfuscation

                          Source: 0.2.Invoice-BL. Payment TT $ 16945.99.exe.3db1d88.2.raw.unpack, ESUYSjpJ1jS9kdLtPJ.cs .Net Code: bZ6RcTZovb System.Reflection.Assembly.Load(byte[])
                          Source: 0.2.Invoice-BL. Payment TT $ 16945.99.exe.3bfa470.3.raw.unpack, ESUYSjpJ1jS9kdLtPJ.cs .Net Code: bZ6RcTZovb System.Reflection.Assembly.Load(byte[])
                          Source: 0.2.Invoice-BL. Payment TT $ 16945.99.exe.9120000.5.raw.unpack, ESUYSjpJ1jS9kdLtPJ.cs .Net Code: bZ6RcTZovb System.Reflection.Assembly.Load(byte[])
                          Source: Invoice-BL. Payment TT $ 16945.99.exe Static PE information: 0xF8F576FC [Fri May 12 00:19:08 2102 UTC]
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe Code function: 0_2_078AA7F8 pushad ; iretd 0_2_078AA7F9
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Code function: 7_2_06F9A7F8 pushad ; iretd 7_2_06F9A7F9
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Code function: 13_2_0510D442 push eax; ret 13_2_0510D451
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Code function: 13_2_06FB2F10 push es; ret 13_2_06FB2F20
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Code function: 13_2_06FB8DB0 push es; ret 13_2_06FB8DC6
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Code function: 13_2_06FB759F push es; iretd 13_2_06FB75AC
                          Source: Invoice-BL. Payment TT $ 16945.99.exe Static PE information: section name: .text entropy: 7.634839633173352
                          Source: haYzNpEpfrrs.exe.0.dr Static PE information: section name: .text entropy: 7.634839633173352
                          Source: 0.2.Invoice-BL. Payment TT $ 16945.99.exe.3db1d88.2.raw.unpack: High entropy of concatenated method names
                          Source: 0.2.Invoice-BL. Payment TT $ 16945.99.exe.3bfa470.3.raw.unpack: High entropy of concatenated method names
                          Source: 0.2.Invoice-BL. Payment TT $ 16945.99.exe.9120000.5.raw.unpack: High entropy of concatenated method names
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeFile created: \invoice-bl. payment tt $ 16945.99.exe
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe, File created: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe

                          Boot Survival

                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe, Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\haYzNpEpfrrs" /XML "C:\Users\user\AppData\Local\Temp\tmp4600.tmp"

                          Hooking and other Techniques for Hiding and Protection

                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe, Process information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Process information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Process information set: NOOPENFILEERRORBOX

                          Malware Analysis System Evasion

                          Source: Yara match, File source: Process Memory Space: Invoice-BL. Payment TT $ 16945.99.exe PID: 6880, type: MEMORYSTR
                          Source: Yara match, File source: Process Memory Space: haYzNpEpfrrs.exe PID: 7264, type: MEMORYSTR
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe Memory allocated: 1110000 memory reserve | memory write watch
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe Memory allocated: 2B00000 memory reserve | memory write watch
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe Memory allocated: 4B00000 memory reserve | memory write watch
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe Memory allocated: 92F0000 memory reserve | memory write watch
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe Memory allocated: A2F0000 memory reserve | memory write watch
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe Memory allocated: A510000 memory reserve | memory write watch
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe Memory allocated: B510000 memory reserve | memory write watch
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe Memory allocated: 2670000 memory reserve | memory write watch
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe Memory allocated: 27F0000 memory reserve | memory write watch
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe Memory allocated: 47F0000 memory reserve | memory write watch
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Memory allocated: 23E0000 memory reserve | memory write watch
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Memory allocated: 2520000 memory reserve | memory write watch
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Memory allocated: 4520000 memory reserve | memory write watch
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Memory allocated: 8950000 memory reserve | memory write watch
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Memory allocated: 9950000 memory reserve | memory write watch
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Memory allocated: 9B60000 memory reserve | memory write watch
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Memory allocated: AB60000 memory reserve | memory write watch
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Memory allocated: 2950000 memory reserve | memory write watch
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Memory allocated: 2B70000 memory reserve | memory write watch
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Memory allocated: 4B70000 memory reserve | memory write watch
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe Thread delayed: delay time: 240000
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe Thread delayed: delay time: 239884
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe Thread delayed: delay time: 239766
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe Thread delayed: delay time: 239645
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe Thread delayed: delay time: 239531
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe Thread delayed: delay time: 239421
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe Thread delayed: delay time: 239311
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe Thread delayed: delay time: 239194
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe Thread delayed: delay time: 239078
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe Thread delayed: delay time: 238969
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe Thread delayed: delay time: 238844
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe Thread delayed: delay time: 238734
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe Thread delayed: delay time: 238624
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe Thread delayed: delay time: 238467
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe Thread delayed: delay time: 238334
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe Thread delayed: delay time: 238207
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe Thread delayed: delay time: 237703
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe Thread delayed: delay time: 237516
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe Thread delayed: delay time: 237293
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe Thread delayed: delay time: 237164
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe Thread delayed: delay time: 237031
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Thread delayed: delay time: 240000
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Thread delayed: delay time: 238875
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Thread delayed: delay time: 238744
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Thread delayed: delay time: 238632
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Thread delayed: delay time: 238525
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Thread delayed: delay time: 238408
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Thread delayed: delay time: 238281
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Thread delayed: delay time: 238171
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Thread delayed: delay time: 238062
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Thread delayed: delay time: 237953
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Thread delayed: delay time: 237844
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Thread delayed: delay time: 237722
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Thread delayed: delay time: 237594
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Thread delayed: delay time: 237484
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Thread delayed: delay time: 237375
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Thread delayed: delay time: 237265
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exeThread delayed: delay time: 922337203685477Jump to behavior
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exeThread delayed: delay time: 922337203685477
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exeThread delayed: delay time: 922337203685477
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeWindow / User API: threadDelayed 1496Jump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeWindow / User API: threadDelayed 1482Jump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 8762Jump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 856Jump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeWindow / User API: threadDelayed 1461Jump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeWindow / User API: threadDelayed 2924Jump to behavior
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exeWindow / User API: threadDelayed 1010Jump to behavior
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exeWindow / User API: threadDelayed 1954Jump to behavior
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exeWindow / User API: threadDelayed 500
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exeWindow / User API: threadDelayed 4056
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe TID: 3288Thread sleep time: -11990383647911201s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe TID: 3288Thread sleep time: -240000s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe TID: 3288Thread sleep time: -239884s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe TID: 3288Thread sleep time: -239766s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe TID: 3288Thread sleep time: -239645s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe TID: 3288Thread sleep time: -239531s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe TID: 3288Thread sleep time: -239421s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe TID: 3288Thread sleep time: -239311s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe TID: 3288Thread sleep time: -239194s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe TID: 3288Thread sleep time: -239078s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe TID: 3288Thread sleep time: -238969s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe TID: 3288Thread sleep time: -238844s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe TID: 3288Thread sleep time: -238734s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe TID: 3288Thread sleep time: -238624s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe TID: 3288Thread sleep time: -238467s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe TID: 3288Thread sleep time: -238334s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe TID: 3288Thread sleep time: -238207s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe TID: 3288Thread sleep time: -237703s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe TID: 3288Thread sleep time: -237516s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe TID: 3288Thread sleep time: -237293s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe TID: 3288Thread sleep time: -237164s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe TID: 3288Thread sleep time: -237031s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe TID: 6112Thread sleep time: -922337203685477s >= -30000sJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7260Thread sleep time: -6456360425798339s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe TID: 7668Thread sleep time: -14757395258967632s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe TID: 7248Thread sleep time: -922337203685477s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe TID: 7320Thread sleep time: -11990383647911201s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe TID: 7320Thread sleep time: -240000s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe TID: 7320Thread sleep time: -238875s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe TID: 7320Thread sleep time: -238744s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe TID: 7320Thread sleep time: -238632s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe TID: 7320Thread sleep time: -238525s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe TID: 7320Thread sleep time: -238408s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe TID: 7320Thread sleep time: -238281s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe TID: 7320Thread sleep time: -238171s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe TID: 7320Thread sleep time: -238062s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe TID: 7320Thread sleep time: -237953s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe TID: 7320Thread sleep time: -237844s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe TID: 7320Thread sleep time: -237722s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe TID: 7320Thread sleep time: -237594s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe TID: 7320Thread sleep time: -237484s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe TID: 7320Thread sleep time: -237375s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe TID: 7320Thread sleep time: -237265s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe TID: 7300Thread sleep time: -922337203685477s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe TID: 7776Thread sleep time: -13835058055282155s >= -30000s
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe TID: 7580Thread sleep time: -922337203685477s >= -30000s
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                          Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800151668.0000000000C92000.00000004.00000020.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1849868035.0000000000CB6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe Process token adjusted: Debug
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe Memory allocated: page read and write | page guard

                          HIPS / PFW / Operating System Protection Evasion

                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe"
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe Memory written: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe base: 400000 value starts with: 4D5A
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Memory written: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe base: 400000 value starts with: 4D5A
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\haYzNpEpfrrs" /XML "C:\Users\user\AppData\Local\Temp\tmp4600.tmp"
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe Process created: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe "C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe"
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\haYzNpEpfrrs" /XML "C:\Users\user\AppData\Local\Temp\tmpBEE8.tmp"
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe Process created: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe "C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe"
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeQueries volume information: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeQueries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeQueries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeQueries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeQueries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeQueries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe | Queries volume information: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe VolumeInformation
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe | Queries volume information: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe VolumeInformation
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1816187695.0000000007B69000.00000004.00000020.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1872656825.000000000601D000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct

                          Stealing of Sensitive Information

                          Source: Yara match | File source: dump.pcap, type: PCAP
                          Source: Yara match | File source: 0.2.Invoice-BL. Payment TT $ 16945.99.exe.3cd4cb0.1.raw.unpack, type: UNPACKEDPE
                          Source: Yara match | File source: 0.2.Invoice-BL. Payment TT $ 16945.99.exe.3cd4cb0.1.unpack, type: UNPACKEDPE
                          Source: Yara match | File source: 6.2.Invoice-BL. Payment TT $ 16945.99.exe.400000.0.unpack, type: UNPACKEDPE
                          Source: Yara match | File source: 0.2.Invoice-BL. Payment TT $ 16945.99.exe.3c89a90.0.raw.unpack, type: UNPACKEDPE
                          Source: Yara match | File source: 0.2.Invoice-BL. Payment TT $ 16945.99.exe.3c89a90.0.unpack, type: UNPACKEDPE
                          Source: Yara match | File source: 0.2.Invoice-BL. Payment TT $ 16945.99.exe.3bfa470.3.raw.unpack, type: UNPACKEDPE
                          Source: Yara match | File source: 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match | File source: 00000006.00000002.1798528235.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match | File source: 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match | File source: 00000000.00000002.1687136757.0000000003CCC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match | File source: 00000000.00000002.1687136757.0000000003B01000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match | File source: Process Memory Space: Invoice-BL. Payment TT $ 16945.99.exe PID: 6880, type: MEMORYSTR
                          Source: Yara match | File source: Process Memory Space: Invoice-BL. Payment TT $ 16945.99.exe PID: 7216, type: MEMORYSTR
                          Source: Yara match | File source: Process Memory Space: haYzNpEpfrrs.exe PID: 7556, type: MEMORYSTR
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: ElectrumE#
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002A12000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: $kq1C:\Users\user\AppData\Roaming\Electrum\wallets\*
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: JaxxE#
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002A12000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: %appdata%\Exodus\exodus.walletLRkqX
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002A12000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: %appdata%\Ethereum\walletsLRkq
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: ExodusE#
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002A12000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: $kq%appdata%`,kqdC:\Users\user\AppData\Roaming`,kqdC:\Users\user\AppData\Roaming\Binance
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: EthereumE#
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002A12000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: $kq&%localappdata%\Coinomi\Coinomi\walletsLRkq
                          Source: Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002A12000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: $kq5C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\*
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe | File opened: C:\Users\user\AppData\Roaming\atomic\
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe | File opened: C:\Users\user\AppData\Roaming\Binance\
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe | File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\Cache\
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe | File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\db\
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe | File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe | File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe | File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe | File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe | File opened: C:\Users\user\AppData\Roaming\Exodus\
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe | File opened: C:\Users\user\AppData\Roaming\Guarda\
                          Source: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe | File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe | File opened: C:\Users\user\AppData\Roaming\atomic\
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe | File opened: C:\Users\user\AppData\Roaming\Binance\
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe | File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\Cache\
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe | File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\db\
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe | File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe | File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe | File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe | File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe | File opened: C:\Users\user\AppData\Roaming\Exodus\
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe | File opened: C:\Users\user\AppData\Roaming\Guarda\
                          Source: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe | File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\
                          Source: Yara match | File source: 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match | File source: 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match | File source: 0000000D.00000002.1854830160.0000000002E6C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match | File source: 00000006.00000002.1800626325.0000000002A12000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match | File source: Process Memory Space: Invoice-BL. Payment TT $ 16945.99.exe PID: 7216, type: MEMORYSTR
                          Source: Yara match | File source: Process Memory Space: haYzNpEpfrrs.exe PID: 7556, type: MEMORYSTR

                          Remote Access Functionality

                          Source: Yara match | File source: dump.pcap, type: PCAP
                          Source: Yara match | File source: 0.2.Invoice-BL. Payment TT $ 16945.99.exe.3cd4cb0.1.raw.unpack, type: UNPACKEDPE
                          Source: Yara match | File source: 0.2.Invoice-BL. Payment TT $ 16945.99.exe.3cd4cb0.1.unpack, type: UNPACKEDPE
                          Source: Yara match | File source: 6.2.Invoice-BL. Payment TT $ 16945.99.exe.400000.0.unpack, type: UNPACKEDPE
                          Source: Yara match | File source: 0.2.Invoice-BL. Payment TT $ 16945.99.exe.3c89a90.0.raw.unpack, type: UNPACKEDPE
                          Source: Yara match | File source: 0.2.Invoice-BL. Payment TT $ 16945.99.exe.3c89a90.0.unpack, type: UNPACKEDPE
                          Source: Yara match | File source: 0.2.Invoice-BL. Payment TT $ 16945.99.exe.3bfa470.3.raw.unpack, type: UNPACKEDPE
                          Source: Yara match | File source: 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match | File source: 00000006.00000002.1798528235.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match | File source: 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match | File source: 00000000.00000002.1687136757.0000000003CCC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match | File source: 00000000.00000002.1687136757.0000000003B01000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match | File source: Process Memory Space: Invoice-BL. Payment TT $ 16945.99.exe PID: 6880, type: MEMORYSTR
                          Source: Yara match | File source: Process Memory Space: Invoice-BL. Payment TT $ 16945.99.exe PID: 7216, type: MEMORYSTR
                          Source: Yara match | File source: Process Memory Space: haYzNpEpfrrs.exe PID: 7556, type: MEMORYSTR

                          Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                          Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 221 Windows Management Instrumentation | 1 Scheduled Task/Job | 111 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 331 Security Software Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                          Credentials | Domains | Default Accounts | 1 Scheduled Task/Job | 1 DLL Side-Loading | 1 Scheduled Task/Job | 11 Disable or Modify Tools | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | 3 Data from Local System | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service
                          Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 241 Virtualization/Sandbox Evasion | Security Account Manager | 241 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                          Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 111 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
                          Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 3 Obfuscated Files or Information | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                          Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 12 Software Packing | Cached Domain Credentials | 113 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                          DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Timestomp | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                          Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement

                          Behavior Graph
                          ID: 1572212, Sample: Invoice-BL. Payment TT $  1..., Startdate: 10/12/2024, Architecture: WINDOWS, Score: 100
                          Signatures: Suricata IDS alerts for network traffic; Found malware configuration; Sigma detected: Scheduled temp file as task from temp location; 13 other signatures

                          Invoice-BL. Payment TT $ 16945.99.exe (started)
                            Signatures: Adds a directory exclusion to Windows Defender; Injects a PE file into a foreign processes
                            Dropped: C:\Users\user\AppData\...\haYzNpEpfrrs.exe, PE32
                            Dropped: C:\Users\...\haYzNpEpfrrs.exe:Zone.Identifier, ASCII
                            Dropped: C:\Users\user\AppData\Local\...\tmp4600.tmp, XML
                            Dropped: Invoice-BL. Paymen...$  16945.99.exe.log, ASCII
                            Started: Invoice-BL. Payment TT $ 16945.99.exe
                              Signatures: Found many strings related to Crypto-Wallets (likely being stolen); Tries to steal Crypto Currency Wallets
                              DNS/IP: 45.137.22.164, 1912, 49733, 49736 ROOTLAYERNETNL Netherlands
                            Started: powershell.exe
                              Signatures: Loading BitLocker PowerShell Module
                              Started: conhost.exe
                              Started: WmiPrvSE.exe
                            Started: schtasks.exe
                              Started: conhost.exe

                          haYzNpEpfrrs.exe (started)
                            Signatures: Multi AV Scanner detection for dropped file; Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines); Machine Learning detection for dropped file; Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
                            Started: haYzNpEpfrrs.exe
                              Signatures: Tries to harvest and steal browser information (history, passwords, etc)
                            Started: schtasks.exe
                              Started: conhost.exe
                            Started: haYzNpEpfrrs.exe
                            Started: haYzNpEpfrrs.exe

                          Source | Detection | Scanner | Label | Link
                          Invoice-BL. Payment TT $ 16945.99.exe | 29% | ReversingLabs | |
                          Invoice-BL. Payment TT $ 16945.99.exe | 100% | Joe Sandbox ML | |

                          Source | Detection | Scanner | Label | Link
                          C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe | 100% | Joe Sandbox ML | |
                          C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe | 29% | ReversingLabs | |

                          No Antivirus matches
                          No Antivirus matches

                          Source | Detection | Scanner | Label | Link
                          http://purl.oen | 0% | Avira URL Cloud | safe |
                          No contacted domains info
                          Name | Source | Malicious | Antivirus Detection | Reputation
                          http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text | Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmp | false | | high
                          http://schemas.xmlsoap.org/ws/2005/02/sc/sct | Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmp | false | | high
                          http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk | Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmp | false | | high
                          https://duckduckgo.com/ac/?q= | Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002D89000.00000004.00000800.00020000.00000000.sdmp | false | | high
                          http://tempuri.org/Entity/Id23ResponseD | Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002C22000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002D1F000.00000004.00000800.00020000.00000000.sdmp | false | | high
                          http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary | Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmp | false | | high
                          http://tempuri.org/Entity/Id12Response | Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002B71000.00000004.00000800.00020000.00000000.sdmp | false | | high
                                        http://tempuri.org/Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002B71000.00000004.00000800.00020000.00000000.sdmpfalse
                                          high
                                          http://tempuri.org/Entity/Id2ResponseInvoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpfalse
                                            high
                                            http://www.fontbureau.com/designersInvoice-BL. Payment TT $ 16945.99.exe, 00000000.00000002.1694125149.00000000070F2000.00000004.00000800.00020000.00000000.sdmpfalse
                                              high
                                              http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                high
                                                http://tempuri.org/Entity/Id21ResponseInvoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002B71000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  high
                                                  http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_WrapInvoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    high
                                                    http://tempuri.org/Entity/Id9Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002B71000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      high
                                                      http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLIDInvoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        high
                                                        http://tempuri.org/Entity/Id8Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002B71000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          high
                                                          http://tempuri.org/Entity/Id5Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002B71000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            high
                                                            http://schemas.xmlsoap.org/ws/2004/10/wsat/PrepareInvoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              high
                                                              http://tempuri.org/Entity/Id4Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002B71000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                high
                                                                http://tempuri.org/Entity/Id7Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002B71000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  high
                                                                  http://purl.oenInvoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800294591.000000000101E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  unknown
                                                                  http://tempuri.org/Entity/Id6Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002B71000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    high
                                                                    http://www.sajatypeworks.comInvoice-BL. Payment TT $ 16945.99.exe, 00000000.00000002.1694125149.00000000070F2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      high
                                                                      http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecretInvoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        high
                                                                        http://tempuri.org/Entity/Id19ResponseInvoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002B71000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          high
                                                                          http://www.founder.com.cn/cn/cTheInvoice-BL. Payment TT $ 16945.99.exe, 00000000.00000002.1694125149.00000000070F2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            high
                                                                            http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#licenseInvoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              high
                                                                              http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/IssueInvoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                high
                                                                                http://schemas.xmlsoap.org/ws/2004/10/wsat/AbortedInvoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequenceInvoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002B71000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    http://schemas.xmlsoap.org/ws/2004/10/wsat/faultInvoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      http://schemas.xmlsoap.org/ws/2004/10/wsatInvoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        http://www.galapagosdesign.com/DPleaseInvoice-BL. Payment TT $ 16945.99.exe, 00000000.00000002.1694125149.00000000070F2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeyInvoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            http://tempuri.org/Entity/Id15ResponseInvoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002B71000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              http://www.urwpp.deDPleaseInvoice-BL. Payment TT $ 16945.99.exe, 00000000.00000002.1694125149.00000000070F2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                http://www.zhongyicts.com.cnInvoice-BL. Payment TT $ 16945.99.exe, 00000000.00000002.1694125149.00000000070F2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameInvoice-BL. Payment TT $ 16945.99.exe, 00000000.00000002.1684498941.0000000002B01000.00000004.00000800.00020000.00000000.sdmp, Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 00000007.00000002.1738139117.0000000002521000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/RenewInvoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterInvoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        http://tempuri.org/Entity/Id6ResponseInvoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002B71000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKeyInvoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://api.ip.sb/ipInvoice-BL. Payment TT $ 16945.99.exe, 00000000.00000002.1687136757.0000000003B01000.00000004.00000800.00020000.00000000.sdmp, Invoice-BL. Payment TT $ 16945.99.exe, 00000000.00000002.1687136757.0000000003CCC000.00000004.00000800.00020000.00000000.sdmp, Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1798528235.0000000000402000.00000040.00000400.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://duckduckgo.com/?q=Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002D89000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                http://schemas.xmlsoap.org/ws/2004/04/scInvoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  http://tempuri.org/Entity/Id1ResponseDInvoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PCInvoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/CancelInvoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        http://tempuri.org/Entity/Id9ResponseInvoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002B71000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          http://tempuri.org/Entity/Id20Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002B71000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            http://tempuri.org/Entity/Id21Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002B71000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              http://tempuri.org/Entity/Id22Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002B71000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  http://tempuri.org/Entity/Id23Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002B71000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://tempuri.org/Entity/Id24Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002B71000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/IssueInvoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          http://tempuri.org/Entity/Id24ResponseInvoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002B71000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://www.ecosia.org/newtab/Invoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002D89000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              http://tempuri.org/Entity/Id1ResponseInvoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002B71000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequestedInvoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002B71000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  http://www.carterandcone.comlInvoice-BL. Payment TT $ 16945.99.exe, 00000000.00000002.1694125149.00000000070F2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnlyInvoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      http://schemas.xmlsoap.org/ws/2004/10/wsat/ReplayInvoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnegoInvoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64BinaryInvoice-BL. Payment TT $ 16945.99.exe, 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, haYzNpEpfrrs.exe, 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            high
IP | Domain | Country | ASN | ASN Name | Malicious
45.137.22.164 | unknown | Netherlands | 51447 | ROOTLAYERNETNL | true
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1572212
Start date and time: 2024-12-10 09:16:06 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 6m 43s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 18
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Invoice-BL. Payment TT $ 16945.99.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@20/11@0/1
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 99%
• Number of executed functions: 308
• Number of non-executed functions: 12
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 23.218.208.109, 20.12.23.50, 13.107.246.63
• Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtCreateKey calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtReadVirtualMemory calls found.
• VT rate limit hit for: Invoice-BL. Payment TT $ 16945.99.exe
Time | Type | Description
03:16:55 | API Interceptor | 45x Sleep call for process: Invoice-BL. Payment TT $ 16945.99.exe modified
03:16:59 | API Interceptor | 18x Sleep call for process: powershell.exe modified
03:17:00 | API Interceptor | 40x Sleep call for process: haYzNpEpfrrs.exe modified
08:16:59 | Task Scheduler | Run new task: haYzNpEpfrrs path: C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe
Match | Associated Sample Name / URL | Detection | Threat Name | Context
45.137.22.164 | Xf0VkRcuwx.exe | malicious | RedLine | 45.137.22.164:55615/
                                                                                                                                                                                                                                No context
Match | Associated Sample Name / URL | Detection | Threat Name | Context
ROOTLAYERNETNL | MfzXU6tKOq.exe | malicious | PureLog Stealer, RedLine | 185.222.58.82
ROOTLAYERNETNL | lWnSA7IyVc.exe | malicious | PureLog Stealer, RedLine | 185.222.58.229
ROOTLAYERNETNL | 8ZVd2S51fr.exe | malicious | RedLine | 185.222.58.241
ROOTLAYERNETNL | Purchase Order Purchase Order Purchase Order Purchase Order.exe | malicious | FormBook, GuLoader | 185.222.57.90
ROOTLAYERNETNL | Purchase Order Purchase Order Purchase Order Purchase Order.exe | malicious | FormBook, GuLoader | 185.222.57.90
ROOTLAYERNETNL | 9dOKGgFNL2.exe | malicious | RedLine | 45.137.22.126
ROOTLAYERNETNL | RFQ List and airflight 2024.pif.exe | malicious | PureLog Stealer | 45.137.22.174
ROOTLAYERNETNL | Calyciform.exe | malicious | GuLoader | 45.137.22.248
ROOTLAYERNETNL | I5pvP0CU6M.exe | malicious | RedLine | 45.137.22.248
ROOTLAYERNETNL | gLsenXDHxP.exe | malicious | RedLine | 185.222.58.240
                                                                                                                                                                                                                                No context
                                                                                                                                                                                                                                No context
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe
                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):1415
                                                                                                                                                                                                                                Entropy (8bit):5.352427679901606
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPE4KMRaKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPHKMRatHo6hAH4
                                                                                                                                                                                                                                MD5:97AD91F1C1F572C945DA12233082171D
                                                                                                                                                                                                                                SHA1:D5E33DDAB37E32E416FC40419FB26B3C0563519D
                                                                                                                                                                                                                                SHA-256:3F64591E0447E6F5034BC69A8A8D4C7ED36DAC5FE1E408401AE1B98F0D915F7E
                                                                                                                                                                                                                                SHA-512:8FAEED342DADC17571F711DDC1BE67C79A51CA5BD56B5DA13E472ED45FC4EC6F1DC704BA92E81E97F5ECFD73F3D88F9B9CD9AE4EADDF993BFF826627215FBBCE
                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                Reputation:moderate, very likely benign file
                                                                                                                                                                                                                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Data, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\1b8c564fd69668e6e62d136259980d9e\System.Data.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fc
                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe
                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):1415
                                                                                                                                                                                                                                Entropy (8bit):5.352427679901606
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPE4KMRaKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPHKMRatHo6hAH4
                                                                                                                                                                                                                                MD5:97AD91F1C1F572C945DA12233082171D
                                                                                                                                                                                                                                SHA1:D5E33DDAB37E32E416FC40419FB26B3C0563519D
                                                                                                                                                                                                                                SHA-256:3F64591E0447E6F5034BC69A8A8D4C7ED36DAC5FE1E408401AE1B98F0D915F7E
                                                                                                                                                                                                                                SHA-512:8FAEED342DADC17571F711DDC1BE67C79A51CA5BD56B5DA13E472ED45FC4EC6F1DC704BA92E81E97F5ECFD73F3D88F9B9CD9AE4EADDF993BFF826627215FBBCE
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Data, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\1b8c564fd69668e6e62d136259980d9e\System.Data.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fc
                                                                                                                                                                                                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):2232
                                                                                                                                                                                                                                Entropy (8bit):5.380046556058007
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:48:tWSU4xympgv4RIoUP7gZ9tK8NPZHUx7u1iMugeoPUyus:tLHxv2IfLZ2KRH6OugYs
                                                                                                                                                                                                                                MD5:2CD406C53B62AF9CEEDA779C3D052C67
                                                                                                                                                                                                                                SHA1:B8BB0498E4C2CB3E143E5D1558DBC404B8D9C88B
                                                                                                                                                                                                                                SHA-256:EECA72F82C77A05EDA785D6B29F06237AA2441B387B6862E4A6D4179469ED2E7
                                                                                                                                                                                                                                SHA-512:7AB67B87C0E0A4DADCAC5B4DE02ADAE1D9FC2AC723312826032D9F0741DE61466692D673560A92DFA35D776E9ED86BCA42AFFE4B2E5C099512BD5D52DFEEC14B
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:@...e.................................,..............@..........P................1]...E.....j.....(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.Automation<...............i..VdqF...|...........System.Configuration4.................%...K... ...........System.Xml..4.....................@.[8]'.\........System.Data.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServicesL.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.8..................1...L..U;V.<}........System.Numerics.H................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com
                                                                                                                                                                                                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe
                                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):1578
                                                                                                                                                                                                                                Entropy (8bit):5.114020694365595
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:24:2di4+S2qh11hXy1mvWUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtaRxvn:cge1wYrFdOFzOzN33ODOiDdKrsuTCv
                                                                                                                                                                                                                                MD5:917B84BDD74DB2B07DE91616DFEF5A54
                                                                                                                                                                                                                                SHA1:51E33F1912B51B1BAC335104E925BB1861E5042E
                                                                                                                                                                                                                                SHA-256:B587211C1CE543357EE914AC0C5FD02979F866532F7FF0E0EADA0D345CEBD197
                                                                                                                                                                                                                                SHA-512:0062DF1A3DB4C1DF1584786294C93D8544121A62E938997B62D01AC12572153D4CBC884F921BEF76F45A546D5468F2711729672D8F4676EB72214788974EF635
                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetworkAvail
                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe
                                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):1578
                                                                                                                                                                                                                                Entropy (8bit):5.114020694365595
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:24:2di4+S2qh11hXy1mvWUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtaRxvn:cge1wYrFdOFzOzN33ODOiDdKrsuTCv
                                                                                                                                                                                                                                MD5:917B84BDD74DB2B07DE91616DFEF5A54
                                                                                                                                                                                                                                SHA1:51E33F1912B51B1BAC335104E925BB1861E5042E
                                                                                                                                                                                                                                SHA-256:B587211C1CE543357EE914AC0C5FD02979F866532F7FF0E0EADA0D345CEBD197
                                                                                                                                                                                                                                SHA-512:0062DF1A3DB4C1DF1584786294C93D8544121A62E938997B62D01AC12572153D4CBC884F921BEF76F45A546D5468F2711729672D8F4676EB72214788974EF635
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetworkAvail
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe
                                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):925184
                                                                                                                                                                                                                                Entropy (8bit):7.614879208179868
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:24576:GyC4xOD82KiKPsBQJYJk2ObauajEwFOEB:txFtLkBQJYJk2uaNh
                                                                                                                                                                                                                                MD5:EB7496FF2480E5B4FBD90E785A7328CD
                                                                                                                                                                                                                                SHA1:0039713076F0CCB54BFEA4FA060B62EADA29D39E
                                                                                                                                                                                                                                SHA-256:D30D43EA8F103340A2307145035F404873D3D345F310DBEBA6FA20F85D3FB790
                                                                                                                                                                                                                                SHA-512:FDE7E0E55C266289EEBB393F41985DFC7A61FFCDA24822BB35163002750EA6F2D969C63650D78804A365E7FE967A3B585C18591EE72C5C14FBE2696CCAB5FEC1
                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 29%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....v................0.................. ........@.. ....................................@.................................6...O...........................`......<...p............................................ ............... ..H............text........ ...................... ..`.rsrc..............................@..@.reloc.......`......................@..B................j.......H............h......f...lA...L............................................r...ps....}.....s....}......}.....(.......(......(.....*...0..............{....o....o......r{..p.{....s....}.....{....o.......{....o....}....+N...X..{....o..........%...?....%..{.....o....o.....%..{.....o....o.....o....&..{....o......-..{....o .....{....o!....*..0............{....o"....o#...o$...o%.....r...p(&.....9.....s......{.....{....o.....o'...o(...o)....o*...o+...o....o,.....{....r...p.{....o.....
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe
                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):26
                                                                                                                                                                                                                                Entropy (8bit):3.95006375643621
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3:ggPYV:rPYV
                                                                                                                                                                                                                                MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                                                                                                                SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                                                                                                                SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                                                                                                                SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                Preview:[ZoneTransfer]....ZoneId=0
                                                                                                                                                                                                                                File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Entropy (8bit):7.614879208179868
                                                                                                                                                                                                                                TrID:
                                                                                                                                                                                                                                • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                                                                                                                                                                                                • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                                                                                                                                                                                • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                                                                                                                                                • Windows Screen Saver (13104/52) 0.07%
                                                                                                                                                                                                                                • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                                                                                                                                File name:Invoice-BL. Payment TT $ 16945.99.exe
                                                                                                                                                                                                                                File size:925'184 bytes
                                                                                                                                                                                                                                MD5:eb7496ff2480e5b4fbd90e785a7328cd
                                                                                                                                                                                                                                SHA1:0039713076f0ccb54bfea4fa060b62eada29d39e
                                                                                                                                                                                                                                SHA256:d30d43ea8f103340a2307145035f404873d3d345f310dbeba6fa20f85d3fb790
                                                                                                                                                                                                                                SHA512:fde7e0e55c266289eebb393f41985dfc7a61ffcda24822bb35163002750ea6f2d969c63650d78804a365e7fe967a3b585c18591ee72c5c14fbe2696ccab5fec1
                                                                                                                                                                                                                                SSDEEP:24576:GyC4xOD82KiKPsBQJYJk2ObauajEwFOEB:txFtLkBQJYJk2uaNh
                                                                                                                                                                                                                                TLSH:B815DF14B369C706C52657F00A61E6B813BD7F5EE816D21A3DEA7EDF7835B814A00E83
                                                                                                                                                                                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....v................0.................. ........@.. ....................................@................................
                                                                                                                                                                                                                                Icon Hash:83356d4d454d2986
                                                                                                                                                                                                                                Entrypoint:0x4db48a
                                                                                                                                                                                                                                Entrypoint Section:.text
                                                                                                                                                                                                                                Digitally signed:false
                                                                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                                                                Subsystem:windows gui
                                                                                                                                                                                                                                Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp: 0xF8F576FC [Fri May 12 00:19:08 2102 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 4
OS Version Minor: 0
File Version Major: 4
File Version Minor: 0
Subsystem Version Major: 4
Subsystem Version Minor: 0
Import Hash: f34d5f2d4577ed6d9ceec516c1f5a744
Instruction
jmp dword ptr [00402000h]
push ebx
add byte ptr [ecx+00h], bh
jnc 00007FBB3D1761E2h
je 00007FBB3D1761E2h
add byte ptr [ebp+00h], ch
add byte ptr [ecx+00h], al
arpl word ptr [eax], ax
je 00007FBB3D1761E2h
imul eax, dword ptr [eax], 00610076h
je 00007FBB3D1761E2h
outsd
add byte ptr [edx+00h], dh
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xdb436 | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xdc000 | 0x82f4 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xe6000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xd8e3c | 0x70 | .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xd94b0 | 0xd9600 | 7bbec4a04abb5d791d4643898a4b216d | False | 0.8380602177975848 | data | 7.634839633173352 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xdc000 | 0x82f4 | 0x8400 | 8a1030e71a7acfbf096846f05dd97603 | False | 0.5305101799242424 | data | 6.369153486841749 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xe6000 | 0xc | 0x200 | 968ce691bbc77a326a0876e98bcfe968 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xdc1f0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 5669 x 5669 px/m | | | 0.36436170212765956
RT_ICON | 0xdc658 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2304, resolution 5669 x 5669 px/m | | | 0.24385245901639344
RT_ICON | 0xdcfe0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 5669 x 5669 px/m | | | 0.1845684803001876
RT_ICON | 0xde088 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 5669 x 5669 px/m | | | 0.13526970954356846
RT_ICON | 0xe0630 | 0x3750 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9771186440677966
RT_GROUP_ICON | 0xe3d80 | 0x4c | data | | | 0.75
RT_VERSION | 0xe3dcc | 0x33c | data | | | 0.4323671497584541
RT_MANIFEST | 0xe4108 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-10T09:17:02.030831+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.4 | 49733 | 45.137.22.164 | 1912 | TCP
2024-12-10T09:17:02.030831+0100 | 2046045 | ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) | 1 | 192.168.2.4 | 49733 | 45.137.22.164 | 1912 | TCP
2024-12-10T09:17:02.420478+0100 | 2043234 | ET MALWARE Redline Stealer TCP CnC - Id1Response | 1 | 45.137.22.164 | 1912 | 192.168.2.4 | 49733 | TCP
2024-12-10T09:17:06.742113+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.4 | 49736 | 45.137.22.164 | 1912 | TCP
2024-12-10T09:17:06.742113+0100 | 2046045 | ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) | 1 | 192.168.2.4 | 49736 | 45.137.22.164 | 1912 | TCP
2024-12-10T09:17:07.543715+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.4 | 49733 | 45.137.22.164 | 1912 | TCP
2024-12-10T09:17:07.682772+0100 | 2043234 | ET MALWARE Redline Stealer TCP CnC - Id1Response | 1 | 45.137.22.164 | 1912 | 192.168.2.4 | 49736 | TCP
2024-12-10T09:17:09.080209+0100 | 2046056 | ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) | 1 | 45.137.22.164 | 1912 | 192.168.2.4 | 49733 | TCP
2024-12-10T09:17:10.554388+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.4 | 49733 | 45.137.22.164 | 1912 | TCP
2024-12-10T09:17:11.009802+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.4 | 49733 | 45.137.22.164 | 1912 | TCP
2024-12-10T09:17:12.811063+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.4 | 49736 | 45.137.22.164 | 1912 | TCP
2024-12-10T09:17:14.206852+0100 | 2046056 | ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) | 1 | 45.137.22.164 | 1912 | 192.168.2.4 | 49736 | TCP
2024-12-10T09:17:15.615330+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.4 | 49736 | 45.137.22.164 | 1912 | TCP
2024-12-10T09:17:16.056822+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.4 | 49736 | 45.137.22.164 | 1912 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.320749044 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.320770979 CET497331912192.168.2.445.137.22.164
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.320796013 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.320878029 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.320899963 CET497331912192.168.2.445.137.22.164
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.320914984 CET497331912192.168.2.445.137.22.164
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.320919037 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.320933104 CET497331912192.168.2.445.137.22.164
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.320960999 CET497331912192.168.2.445.137.22.164
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.321046114 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.321055889 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.321096897 CET497331912192.168.2.445.137.22.164
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.321120024 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.321147919 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.321158886 CET497331912192.168.2.445.137.22.164
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.321187019 CET497331912192.168.2.445.137.22.164
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.321249008 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.321280956 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.321294069 CET497331912192.168.2.445.137.22.164
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.321324110 CET497331912192.168.2.445.137.22.164
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.321387053 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.321430922 CET497331912192.168.2.445.137.22.164
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.321440935 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.321450949 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.321460009 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.321500063 CET497331912192.168.2.445.137.22.164
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.321532965 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.321633101 CET497331912192.168.2.445.137.22.164
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.439325094 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.439388037 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.439466953 CET497331912192.168.2.445.137.22.164
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.439491034 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.439541101 CET497331912192.168.2.445.137.22.164
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.439572096 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.439734936 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.439743996 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.439754009 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.439764977 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.439804077 CET497331912192.168.2.445.137.22.164
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.439832926 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.439865112 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.439919949 CET497331912192.168.2.445.137.22.164
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.439966917 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.440007925 CET497331912192.168.2.445.137.22.164
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.440011024 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.440165043 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.440174103 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.440289974 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.440299034 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.440396070 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.440493107 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.440726042 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.440737009 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.440834999 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.440849066 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.440951109 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.440974951 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.441071987 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.441087008 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.441168070 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.441178083 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.441287041 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.441296101 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.441392899 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.441477060 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.441485882 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.441495895 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.441653967 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.441663027 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.441719055 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.441812992 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.441831112 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.441948891 CET497331912192.168.2.445.137.22.164
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.441960096 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.441978931 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.441999912 CET497331912192.168.2.445.137.22.164
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.442058086 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.442075968 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.442207098 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.442229986 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.442343950 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.442353010 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.442440033 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.442481041 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.442624092 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.442764044 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.442774057 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.442789078 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.442970037 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.442984104 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.443094969 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.443103075 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.443264961 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.443274021 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.443414927 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.443460941 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.681893110 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.681935072 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.682082891 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.682092905 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.682188034 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.682197094 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.682284117 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.682291985 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.682383060 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.682390928 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.682425022 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.682434082 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.682511091 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.682558060 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.682632923 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.682662010 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.682760954 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.682796001 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.683172941 CET497331912192.168.2.445.137.22.164
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.683228970 CET497331912192.168.2.445.137.22.164
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.684000015 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.684009075 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.684089899 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.684109926 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.684268951 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.684278011 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.684288025 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.684295893 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.684372902 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.684385061 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.684469938 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.684504032 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.684587002 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.684619904 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.684717894 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.684726954 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.684820890 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.684829950 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.684919119 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.684938908 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.684986115 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.684994936 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.685081959 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.685091972 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.685204983 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.685247898 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.685362101 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.685370922 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.685442924 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.685460091 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.685553074 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.685561895 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.685672045 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.685724020 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.685805082 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.685813904 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.685909986 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.685919046 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.686012983 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.686058998 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.686202049 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.686219931 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.686331987 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.686347961 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.686404943 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.686453104 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.686496973 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.686537027 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.686621904 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.686630011 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.686748028 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.686757088 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.686794043 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.686909914 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.687135935 CET497331912192.168.2.445.137.22.164
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.687181950 CET497331912192.168.2.445.137.22.164
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.802740097 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.802755117 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.802865982 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.802875996 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.802989960 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.802999020 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.803080082 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.803128004 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.803248882 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.803292990 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.803407907 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.803426981 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.803617954 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.803627968 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.803734064 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.803795099 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.804045916 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.804088116 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.804152012 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.804161072 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.927870035 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.927879095 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.927907944 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.927963972 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.928021908 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.928066015 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.928107023 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.928173065 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.928255081 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.928301096 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.928432941 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.928508997 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.928616047 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.928668976 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.928678989 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.928711891 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.928797960 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.928838968 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.928925991 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.928935051 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.929023981 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.929039001 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.929301023 CET497331912192.168.2.445.137.22.164
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.929394007 CET497331912192.168.2.445.137.22.164
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.929502010 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.929578066 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.929586887 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.929605007 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.929646969 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.929729939 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.929831982 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.929886103 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.929994106 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.930156946 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.930284977 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.930419922 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.930552006 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.930710077 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.930815935 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.930903912 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.930959940 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.931044102 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.931185961 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.931231976 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.931292057 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.931365013 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.931490898 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.931569099 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.931654930 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.931706905 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.931804895 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.931869030 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.931950092 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.931972027 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:09.932121038 CET497331912192.168.2.445.137.22.164
                                                                                                                                                                                                                                Dec 10, 2024 09:17:10.049010038 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:10.049114943 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:10.049247980 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:10.049422979 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:10.049593925 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:10.049711943 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:10.049895048 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:10.050052881 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:10.050153971 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:10.050283909 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:10.050404072 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:10.050551891 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:10.050684929 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:10.050832987 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:10.050952911 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:10.051094055 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:10.051240921 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:10.051462889 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:10.051616907 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:10.051789999 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:10.051919937 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:10.052087069 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:10.052154064 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:10.052294970 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:10.052395105 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:10.052592039 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:10.052603960 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:10.052793026 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:10.052891970 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:10.053060055 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:10.053155899 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:10.053267956 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:10.053375006 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:10.053455114 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:10.053539038 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:10.053589106 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:10.536258936 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:10.554388046 CET497331912192.168.2.445.137.22.164
                                                                                                                                                                                                                                Dec 10, 2024 09:17:10.673902035 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:10.945344925 CET19124973345.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:11.001607895 CET497331912192.168.2.445.137.22.164
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.566385031 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.566519022 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.566536903 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.566642046 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.566786051 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.566796064 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.566803932 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.566821098 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.566834927 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.566896915 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.566905975 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.566953897 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.566962957 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.567049026 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.567070961 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.567152023 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.567167997 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.567181110 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.567275047 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.567285061 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.567300081 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.567308903 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.567433119 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.567508936 CET497361912192.168.2.445.137.22.164
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.567558050 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.567567110 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.567574978 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.567576885 CET497361912192.168.2.445.137.22.164
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.567601919 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.567611933 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.567783117 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.567799091 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.567923069 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.567933083 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.567950964 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.567961931 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.568031073 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.568042040 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.568058014 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.568068027 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.568150043 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.568160057 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.568226099 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.568276882 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.666193008 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.666224003 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.666234970 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.666280031 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.666362047 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.666393042 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.666481018 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.666490078 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.684537888 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.684786081 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.684796095 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.684813023 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.684820890 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.684941053 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.685003996 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.685072899 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.685113907 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.685168982 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.685190916 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.685249090 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.685317039 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.685332060 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.685457945 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.685467005 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.685570002 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.685579062 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.685693979 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.685703039 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.685710907 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.686033964 CET497361912192.168.2.445.137.22.164
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.686220884 CET497361912192.168.2.445.137.22.164
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.686789989 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.686882019 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.686933041 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.687021017 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.687030077 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.687038898 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.687143087 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.687227011 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.687236071 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.687310934 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.687333107 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.687385082 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.687393904 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.687537909 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.687550068 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.687635899 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.687690020 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.687700033 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.687725067 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.687835932 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.687845945 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.811909914 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.811954975 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.811974049 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.812088013 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.812098026 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.812182903 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.812191010 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.812313080 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.812330008 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.812406063 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.812414885 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.812514067 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.812531948 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.812665939 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.812685013 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.812766075 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.812851906 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.812894106 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.812902927 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.812987089 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.813008070 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.813232899 CET497361912192.168.2.445.137.22.164
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.813330889 CET497361912192.168.2.445.137.22.164
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.929474115 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.929506063 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.929563046 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.929573059 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.929651976 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.929661036 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.929738998 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.929789066 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.929877996 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.929886103 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.929976940 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.930151939 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.930161953 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.930171013 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.930298090 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.930306911 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.930315018 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.930330992 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.930463076 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.930476904 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.930485964 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.930605888 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.930618048 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.930629969 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.930730104 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.930752039 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.930850029 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.930921078 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.930931091 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.930951118 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.931060076 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.931068897 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.931164980 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.931175947 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.931212902 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.931222916 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.931273937 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.931320906 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.931540012 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.931552887 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.931617975 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.931638002 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.931726933 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.931735992 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.931823969 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.931919098 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.931971073 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.931988001 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.932101011 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.932137966 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.932245970 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.932255030 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.932343006 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.932352066 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.932593107 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.932602882 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.932660103 CET497361912192.168.2.445.137.22.164
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.932715893 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.932739973 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.932765007 CET497361912192.168.2.445.137.22.164
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.932794094 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.932827950 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.932907104 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.932970047 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.933065891 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.933074951 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.933168888 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.933178902 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.933235884 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.933245897 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.933300018 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.933320045 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:14.933397055 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:15.069816113 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:15.069951057 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:15.070041895 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:15.070346117 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:15.070907116 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:15.070971966 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:15.071633101 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:15.072093010 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:15.072110891 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:15.072357893 CET497361912192.168.2.445.137.22.164
                                                                                                                                                                                                                                Dec 10, 2024 09:17:15.181777000 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:15.181874990 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:15.181932926 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:15.182019949 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:15.182096958 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:15.182163954 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:15.182214975 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:15.182324886 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:15.182408094 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:15.182481050 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:15.182598114 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:15.182646036 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:15.182655096 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:15.182728052 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:15.182832956 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:15.182899952 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:15.182980061 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:15.183028936 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:15.183150053 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:15.183233023 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:15.183290005 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:15.183350086 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:15.183440924 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:15.183512926 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:15.183558941 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:15.183568954 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:15.191718102 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:15.191796064 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:15.191890001 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:15.191931963 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:15.192063093 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:15.192126036 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:15.192236900 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:15.192321062 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:15.610558033 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:15.615329981 CET497361912192.168.2.445.137.22.164
                                                                                                                                                                                                                                Dec 10, 2024 09:17:15.734862089 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:16.005775928 CET19124973645.137.22.164192.168.2.4
                                                                                                                                                                                                                                Dec 10, 2024 09:17:16.049487114 CET497361912192.168.2.445.137.22.164
                                                                                                                                                                                                                                Dec 10, 2024 09:17:16.056822062 CET497361912192.168.2.445.137.22.164

                                                                                                                                                                                                                                Click to jump to process

                                                                                                                                                                                                                                Click to jump to process

                                                                                                                                                                                                                                Click to dive into process behavior distribution

                                                                                                                                                                                                                                Click to jump to process

Target ID: 0
Start time: 03:16:55
Start date: 10/12/2024
Path: C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe"
Imagebase: 0x6a0000
File size: 925'184 bytes
MD5 hash: EB7496FF2480E5B4FBD90E785A7328CD
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.1687136757.0000000003CCC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.1687136757.0000000003B01000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation: low
Has exited: true

Target ID: 2
Start time: 03:16:58
Start date: 10/12/2024
Path: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit): true
Commandline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe"
Imagebase: 0xc10000
File size: 433'152 bytes
MD5 hash: C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 3
Start time: 03:16:58
Start date: 10/12/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff7699e0000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 4
Start time: 03:16:58
Start date: 10/12/2024
Path: C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit): true
Commandline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\haYzNpEpfrrs" /XML "C:\Users\user\AppData\Local\Temp\tmp4600.tmp"
Imagebase: 0x2f0000
File size: 187'904 bytes
MD5 hash: 48C2FE20575769DE916F48EF0676A965
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

                                                                                                                                                                                                                                Target ID:5
                                                                                                                                                                                                                                Start time:03:16:58
                                                                                                                                                                                                                                Start date:10/12/2024
                                                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                Target ID:6
                                                                                                                                                                                                                                Start time:03:16:58
                                                                                                                                                                                                                                Start date:10/12/2024
                                                                                                                                                                                                                                Path:C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe
                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                Commandline:"C:\Users\user\Desktop\Invoice-BL. Payment TT $ 16945.99.exe"
                                                                                                                                                                                                                                Imagebase:0x5b0000
                                                                                                                                                                                                                                File size:925'184 bytes
                                                                                                                                                                                                                                MD5 hash:EB7496FF2480E5B4FBD90E785A7328CD
                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                Yara matches:
                                                                                                                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000006.00000002.1800626325.0000000002886000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000006.00000002.1798528235.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000002.1800626325.0000000002A12000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                Target ID:7
                                                                                                                                                                                                                                Start time:03:16:59
                                                                                                                                                                                                                                Start date:10/12/2024
                                                                                                                                                                                                                                Path:C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe
                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                Commandline:C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe
                                                                                                                                                                                                                                Imagebase:0x1e0000
                                                                                                                                                                                                                                File size:925'184 bytes
                                                                                                                                                                                                                                MD5 hash:EB7496FF2480E5B4FBD90E785A7328CD
                                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                Antivirus matches:
                                                                                                                                                                                                                                • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                                                • Detection: 29%, ReversingLabs
                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                Target ID:8
                                                                                                                                                                                                                                Start time:03:17:01
                                                                                                                                                                                                                                Start date:10/12/2024
                                                                                                                                                                                                                                Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                                                                                                                                                                                                Imagebase:0x7ff693ab0000
                                                                                                                                                                                                                                File size:496'640 bytes
                                                                                                                                                                                                                                MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                Target ID:9
                                                                                                                                                                                                                                Start time:03:17:02
                                                                                                                                                                                                                                Start date:10/12/2024
                                                                                                                                                                                                                                Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\haYzNpEpfrrs" /XML "C:\Users\user\AppData\Local\Temp\tmpBEE8.tmp"
                                                                                                                                                                                                                                Imagebase:0x2f0000
                                                                                                                                                                                                                                File size:187'904 bytes
                                                                                                                                                                                                                                MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                Target ID:10
                                                                                                                                                                                                                                Start time:03:17:03
                                                                                                                                                                                                                                Start date:10/12/2024
                                                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                Target ID:11
                                                                                                                                                                                                                                Start time:03:17:03
                                                                                                                                                                                                                                Start date:10/12/2024
                                                                                                                                                                                                                                Path:C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe
                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe"
                                                                                                                                                                                                                                Imagebase:0x1d0000
                                                                                                                                                                                                                                File size:925'184 bytes
                                                                                                                                                                                                                                MD5 hash:EB7496FF2480E5B4FBD90E785A7328CD
                                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                Target ID:12
                                                                                                                                                                                                                                Start time:03:17:03
                                                                                                                                                                                                                                Start date:10/12/2024
                                                                                                                                                                                                                                Path:C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe
                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe"
                                                                                                                                                                                                                                Imagebase:0x3d0000
                                                                                                                                                                                                                                File size:925'184 bytes
                                                                                                                                                                                                                                MD5 hash:EB7496FF2480E5B4FBD90E785A7328CD
                                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                Target ID:13
                                                                                                                                                                                                                                Start time:03:17:03
                                                                                                                                                                                                                                Start date:10/12/2024
                                                                                                                                                                                                                                Path:C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe
                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Roaming\haYzNpEpfrrs.exe"
                                                                                                                                                                                                                                Imagebase:0x770000
                                                                                                                                                                                                                                File size:925'184 bytes
                                                                                                                                                                                                                                MD5 hash:EB7496FF2480E5B4FBD90E785A7328CD
                                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                Yara matches:
                                                                                                                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000D.00000002.1854830160.0000000002C0A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000D.00000002.1854830160.0000000002E6C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                Has exited:true


                                                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                                                  Execution Coverage:9.7%
                                                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                  Signature Coverage:1.6%
                                                                                                                                                                                                                                  Total number of Nodes:184
                                                                                                                                                                                                                                  Total number of Limit Nodes:13
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1693850870.0000000005EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EB0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_5eb0000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: (okq$4'kq$4'kq$4'kq$4'kq$4'kq$4'kq$4|pq$4|pq$$kq
                                                                                                                                                                                                                                  • API String ID: 0-267164343
                                                                                                                                                                                                                                  • Opcode ID: 0df1499512f7f3e314236839cc54cc965ab85a4ae2e0f97aab87c0856b85d89f
                                                                                                                                                                                                                                  • Instruction ID: c70284835bf8af41845d80106bde6b2527d03b56b396a660bfb4ef56be115063
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0df1499512f7f3e314236839cc54cc965ab85a4ae2e0f97aab87c0856b85d89f
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AD430974A01219CFEB24DF28C988A9EB7B2BF88311F1595D5D449AB3A1DB71ED81CF40
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1693850870.0000000005EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EB0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_5eb0000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: (okq$(okq$,oq$,oq$Hoq
                                                                                                                                                                                                                                  • API String ID: 0-811331273
                                                                                                                                                                                                                                  • Opcode ID: 73cb2708ee6976fe80516d13e06633739ec4158615bae8773d9a4532bea2aa3c
                                                                                                                                                                                                                                  • Instruction ID: 1c8352e2ca70078122fddc3bd077d287265dec576acaecc739f0d77f3fb9ad0a
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 73cb2708ee6976fe80516d13e06633739ec4158615bae8773d9a4532bea2aa3c
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C152AF34B00115DFEB14DF69C885AEEBBB3BF88315B159569E8429B360DB71EC41CB90

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1684065687.0000000001150000.00000040.00000800.00020000.00000000.sdmp, Offset: 01150000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_1150000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: `Yyl$t^yl
                                                                                                                                                                                                                                  • API String ID: 0-4194465095
                                                                                                                                                                                                                                  • Opcode ID: 35b1a55f0f3e8930acd0d7ac8f309fc421fbe268f5630c278fdd2d88c67de8dc
                                                                                                                                                                                                                                  • Instruction ID: f9d19cde587e86765e9958020a81b2bfc2e77dac6e148ccaf842396b45beef43
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 35b1a55f0f3e8930acd0d7ac8f309fc421fbe268f5630c278fdd2d88c67de8dc
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0C81C374E00209CFDF48DFA9DA94A9EBBB2BF88304F108529E415BB369DB359945CF50

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1684065687.0000000001150000.00000040.00000800.00020000.00000000.sdmp, Offset: 01150000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_1150000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: `Yyl$t^yl
                                                                                                                                                                                                                                  • API String ID: 0-4194465095
                                                                                                                                                                                                                                  • Opcode ID: d7281e1d88d346099069846d08976c3c2f2bdfee62da35b0580f78164c38d352
                                                                                                                                                                                                                                  • Instruction ID: c7b665333304de91b0a11803a710ca5fd4d5532d8b39c49ed54999aafbfd55c7
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d7281e1d88d346099069846d08976c3c2f2bdfee62da35b0580f78164c38d352
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3751E470E00249CFCB48DFA9D994ADEBBB2BF89304F14852AD415BB369DB349945CF90

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1693850870.0000000005EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EB0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_5eb0000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: d
                                                                                                                                                                                                                                  • API String ID: 0-2564639436
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1695460216.0000000007C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C00000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7c00000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1695460216.0000000007C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C00000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7c00000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1695460216.0000000007C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C00000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7c00000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32 ref: 0115D5FE
                                                                                                                                                                                                                                  • GetCurrentThread.KERNEL32 ref: 0115D63B
                                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32 ref: 0115D678
                                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 0115D6D1
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1684065687.0000000001150000.00000040.00000800.00020000.00000000.sdmp, Offset: 01150000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_1150000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Current$ProcessThread
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2063062207-0

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32 ref: 0115D5FE
                                                                                                                                                                                                                                  • GetCurrentThread.KERNEL32 ref: 0115D63B
                                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32 ref: 0115D678
                                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 0115D6D1
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1684065687.0000000001150000.00000040.00000800.00020000.00000000.sdmp, Offset: 01150000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_1150000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Current$ProcessThread
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2063062207-0

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1695136779.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_78a0000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: 8oq$8oq$8oq
                                                                                                                                                                                                                                  • API String ID: 0-3142328661

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  control_flow_graph 1528 78a839f-78a83d7 1530 78a83e0-78a83e2 1528->1530 1531 78a83fa-78a8417 1530->1531 1532 78a83e4-78a83ea 1530->1532 1536 78a841d-78a8513 1531->1536 1537 78a8582-78a8587 1531->1537 1533 78a83ee-78a83f0 1532->1533 1534 78a83ec 1532->1534 1533->1531 1534->1531
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1695136779.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_78a0000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: 8$$kq$$kq
                                                                                                                                                                                                                                  • API String ID: 0-3705916258
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1695136779.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_78a0000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: (oq$Hoq
                                                                                                                                                                                                                                  • API String ID: 0-3084834809
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1695136779.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_78a0000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: 8oq$8oq
                                                                                                                                                                                                                                  • API String ID: 0-150699234
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1695136779.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_78a0000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: $kq$$kq
                                                                                                                                                                                                                                  • API String ID: 0-3550614674
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 07C05D8E
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1695460216.0000000007C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C00000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7c00000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CreateProcess
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 963392458-0
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 07C05D8E
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1695460216.0000000007C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C00000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7c00000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CreateProcess
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 963392458-0
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 0115B566
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1684065687.0000000001150000.00000040.00000800.00020000.00000000.sdmp, Offset: 01150000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_1150000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: HandleModule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • CreateActCtxA.KERNEL32(?), ref: 011559C9
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1684065687.0000000001150000.00000040.00000800.00020000.00000000.sdmp, Offset: 01150000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_1150000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Create
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • CreateActCtxA.KERNEL32(?), ref: 011559C9
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1684065687.0000000001150000.00000040.00000800.00020000.00000000.sdmp, Offset: 01150000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_1150000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Create
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07C05960
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1695460216.0000000007C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C00000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7c00000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: MemoryProcessWrite
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07C05960
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1695460216.0000000007C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C00000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7c00000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: MemoryProcessWrite
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07C05A40
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1695460216.0000000007C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C00000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7c00000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: MemoryProcessRead
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 07C057B6
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1695460216.0000000007C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C00000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7c00000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: ContextThreadWow64
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0115D84F
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1684065687.0000000001150000.00000040.00000800.00020000.00000000.sdmp, Offset: 01150000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_1150000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: DuplicateHandle
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 07C057B6
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1695460216.0000000007C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C00000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7c00000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: ContextThreadWow64
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07C05A40
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1695460216.0000000007C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C00000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7c00000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: MemoryProcessRead
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0115D84F
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1684065687.0000000001150000.00000040.00000800.00020000.00000000.sdmp, Offset: 01150000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_1150000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: DuplicateHandle
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07C0587E
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1695460216.0000000007C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C00000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7c00000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1695460216.0000000007C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C00000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7c00000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: ResumeThread
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07C0587E
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1695460216.0000000007C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C00000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7c00000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1695460216.0000000007C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C00000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7c00000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: ResumeThread
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 0115B566
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1684065687.0000000001150000.00000040.00000800.00020000.00000000.sdmp, Offset: 01150000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_1150000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: HandleModule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • PostMessageW.USER32(?,00000010,00000000,?), ref: 07C097A5
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1695460216.0000000007C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C00000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7c00000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: MessagePost
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • PostMessageW.USER32(?,00000010,00000000,?), ref: 07C097A5
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1695460216.0000000007C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C00000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7c00000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: MessagePost
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 410705778-0
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1695136779.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_78a0000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: (oq
                                                                                                                                                                                                                                  • API String ID: 0-3175707579
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1695136779.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_78a0000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: %*&/)(#$^@!~-_
                                                                                                                                                                                                                                  • API String ID: 0-3325533558
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1695136779.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_78a0000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: Tekq
                                                                                                                                                                                                                                  • API String ID: 0-2319236580
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1695136779.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_78a0000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: $kq
                                                                                                                                                                                                                                  • API String ID: 0-3037731980
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1695136779.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_78a0000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: $kq
                                                                                                                                                                                                                                  • API String ID: 0-3037731980
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1695136779.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_78a0000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: G
                                                                                                                                                                                                                                  • API String ID: 0-985283518
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1695136779.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_78a0000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1695136779.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_78a0000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1695136779.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_78a0000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 442cf4f700f9b2ace7af5f773c8473af1fae697e543fef80a8fbea501cecfd08
                                                                                                                                                                                                                                  • Instruction ID: d3361bd2a8e4a90cebfe6ff22bc4dd51ee1677210e2fae163090594a98f8a5f6
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 442cf4f700f9b2ace7af5f773c8473af1fae697e543fef80a8fbea501cecfd08
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 46E1D771D1061E8FCF14DFA8C854AEDB7B5BF58300F1086A9D459B7254EB70AA89CF90
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1695136779.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_78a0000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 6eb954b4a9a6926f6a3290f5fdd5b911e4108770f9b7326fd907482a6b63d414
                                                                                                                                                                                                                                  • Instruction ID: 3c705085ad9705858b6b1dbb8cd4a97539b296d60fc043116d922e32a7c5288e
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6eb954b4a9a6926f6a3290f5fdd5b911e4108770f9b7326fd907482a6b63d414
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 94A1F575910619CFDB10EF68C844A98FBB1FF59314F05C299E949BB215EB30AA89CF90
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1695136779.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_78a0000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 65af5bac9baa9ac10723b2057c40e0680dcca97569790f1796749cc220bdec4d
                                                                                                                                                                                                                                  • Instruction ID: 8f9bf6f9ab51b0ae5e42f9071f419d73499988e8b2c32ace6be6218a54a37138
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 65af5bac9baa9ac10723b2057c40e0680dcca97569790f1796749cc220bdec4d
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 36712571910619DFDB10DF68C884A99BBB1FF49314F05C299E948BB311EB70AA89CF80
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1695136779.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_78a0000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 291d01ddee1202da8a5bb46f7b2f157c589a0b12681fdcb9fff85044f429984a
                                                                                                                                                                                                                                  • Instruction ID: 624b1ea2176330b4a544cc20fe592e3657856eb46633614b36fcd73f8262d565
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 291d01ddee1202da8a5bb46f7b2f157c589a0b12681fdcb9fff85044f429984a
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B6512A71A1060A9FDF00EFA8C8948ADF7B5FF89310B109669E416F7314EB30E985CB90
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1695136779.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_78a0000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 04529019380bd23ca6acbcfd59e25ec1382398bf840319398b3fee6d8faa478e
                                                                                                                                                                                                                                  • Instruction ID: 12670eb55a2a4bf9a0e2f47e059517ee8497ca0e6dbe5a259935a5186c73a618
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 04529019380bd23ca6acbcfd59e25ec1382398bf840319398b3fee6d8faa478e
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 37417DB4F1120AEFEB18DF68D548AAEBBB6AF95301F144169E406E7394DF34C841CB91
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1695136779.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_78a0000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: b1164517ee62b46a860ab158c62699c79887faace27e39c814944add13669dd1
                                                                                                                                                                                                                                  • Instruction ID: 711e344b772359f86233fae76c57c9cb403f9d45f4bb130d4bdcd8bf07576717
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b1164517ee62b46a860ab158c62699c79887faace27e39c814944add13669dd1
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EF51A535A10609DFCB00EFA8D8848EDF7B5FF89304F00816AE515EB321EB31A945CB91
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1695136779.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_78a0000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 35e74b73b675d12586f3629851f73816ba1a97f3c05bf34780f04cce1a746fb2
                                                                                                                                                                                                                                  • Instruction ID: c3662a1005f4bcf470dda5038a5a92b31de868fb33d6f6b0f1b0836d56521f83
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 35e74b73b675d12586f3629851f73816ba1a97f3c05bf34780f04cce1a746fb2
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E9415D71A0060A9FDB10EFA4C8945ADFBB1FF89310F149669E456F7315EB34E985CB80
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1695136779.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_78a0000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 7a7235c679d4d87b13d41f89d205c9873e8229067e195041c06cbff55c3b1f75
                                                                                                                                                                                                                                  • Instruction ID: ceae8432d0a55de0e9698834f46c7a8fa68b2ca19efc6bb2181b9e45a4ce8ff3
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7a7235c679d4d87b13d41f89d205c9873e8229067e195041c06cbff55c3b1f75
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9A41E5F4B2821DEBF7108EED899067AB7B1EB67308F108177D512DB285D73589018BB2
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1695136779.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_78a0000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 46e646ea9519217311774c1d91cb9b327321ae8b9d919f4c0442a30782cfdc49
                                                                                                                                                                                                                                  • Instruction ID: 626a8bc2dcb8116eb5489497711492c7ff358b006f355b4cb3022c1ac6d87bc2
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 46e646ea9519217311774c1d91cb9b327321ae8b9d919f4c0442a30782cfdc49
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4231F4B062D3899FD7019B7DD81926E7FB0EB6621AF1005A7E042C7392CA344D42D772
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1695136779.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_78a0000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 03af850a3fb116c513a2113cfe9c075d267bf30262c895f9d3d3bee995643f9c
                                                                                                                                                                                                                                  • Instruction ID: e5e88ca141d558b91e74e40398ae8147df893566701b305fc27312f777be3d33
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 03af850a3fb116c513a2113cfe9c075d267bf30262c895f9d3d3bee995643f9c
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 173191B5E10219DFDB14DFA8D94899EBBBAFF88300F10826AE501E7360DB749C45CB91
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1695136779.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_78a0000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: ebe29ea36fa60128fe2dcf03f86bb152c57016eaedbd6f57e65443e97edb5d1a
                                                                                                                                                                                                                                  • Instruction ID: 24977c577d6bbdae228d9350527bf866a202e764c1c1c90291e7177d12320b9f
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ebe29ea36fa60128fe2dcf03f86bb152c57016eaedbd6f57e65443e97edb5d1a
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EA31B6B0704208EFE704DF58D4517AABBF1EB96328F18946AD016DB349EB359D438B91
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1695136779.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_78a0000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 9ed8cb0977bbd0738f09f982bc2ae6ce62d12a8f2a982d6f5013e18b9bc8b8f7
                                                                                                                                                                                                                                  • Instruction ID: b170c08f968856f27b2d994ff69dccd028c2924db884491ab687d09818059483
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9ed8cb0977bbd0738f09f982bc2ae6ce62d12a8f2a982d6f5013e18b9bc8b8f7
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C3318D717006019FE768DF69E480A6A77F6FBCA210F108479E519CB369DB30EC458B61
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1695136779.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_78a0000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: bf758ed20d48776c24bbfa614c16be450df241d69c74d81cd5e02c9d2151dd29
                                                                                                                                                                                                                                  • Instruction ID: b4fb32416d0455a3d19ee24d7d842029dfde71f30d12985ac874024fd7d9d8e8
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bf758ed20d48776c24bbfa614c16be450df241d69c74d81cd5e02c9d2151dd29
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7E31C1B4E1120AEFEB14CF64D549AAE7BB6AF55301F184169E802E7350DF34C841CB92
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1695136779.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_78a0000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: f65b692b33f4fe42213d136fa128cf38e2d9afe65821912fa0eed2c228ed378e
                                                                                                                                                                                                                                  • Instruction ID: ea7a540995ec19e1da543a09c98479dcf8e4883af06d4485d7241516a0ac8a0b
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f65b692b33f4fe42213d136fa128cf38e2d9afe65821912fa0eed2c228ed378e
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 532191F0B2421DAFEB049FADD81926EBAA5FBA531AF104526E403C3344DE705D429BA1
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1695136779.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_78a0000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 8582830880efd2c8aa09166489301f32ec18ae2f800f8f3cb0f8cb5afe70da04
                                                                                                                                                                                                                                  • Instruction ID: 6bd118ab1c5c3a2808a5532dd79034210912177d1f654807fdd5d7bbd6f0e2c3
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8582830880efd2c8aa09166489301f32ec18ae2f800f8f3cb0f8cb5afe70da04
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 983114B4E1020EAFDF00DFB8D9815EEBBF2AB48314F145469E515F7354EB30AA448BA0
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1695136779.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_78a0000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: fa99ff5806d14a165b246a4e1b898d0c7766f8f9a1a573fbf091cf932942dec7
                                                                                                                                                                                                                                  • Instruction ID: 7e301b99a36a57c6dd892f545960350fe0b5b4b1c7f5041eccb12213cfba3383
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fa99ff5806d14a165b246a4e1b898d0c7766f8f9a1a573fbf091cf932942dec7
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 102103B0B5510DFFF6288E19890067A77A7BBE2708F24C0269107CB385CA75DC01837B
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1695136779.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_78a0000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 71068f56801cc278b89bd2f9c1d12844d399f951bd6826d441ad11e317bb5594
                                                                                                                                                                                                                                  • Instruction ID: 7a393e0991a4682d24c08e4932bc2979f2330cff4e465f705e3f07254ded9d6d
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 71068f56801cc278b89bd2f9c1d12844d399f951bd6826d441ad11e317bb5594
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8B31E3B0704108EFE704CF58D49176AB7F1EBA632CF18846AD016DB349EB359D46CB91
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1695136779.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_78a0000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 795c296ec50ca7da6ed61995b0882af14900ac5710cbc25d92eb79121a7c07c6
                                                                                                                                                                                                                                  • Instruction ID: fb6a4116fac11334914b6d60f9ab58bbad3d8c705e5bb10058acee469f436f9f
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 795c296ec50ca7da6ed61995b0882af14900ac5710cbc25d92eb79121a7c07c6
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D221D3F1E3D518EBFB408A29C8007797B61FB6B308F048563B122CB291C724E880CB76
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1695136779.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_78a0000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: b6625f9f37661661f52953147653b46ef5c4a91ec47daaf9dc3f04206f614ca0
                                                                                                                                                                                                                                  • Instruction ID: 3746c95136b72491da261ee5e4b711d1e3044f0a6829a3ce3e13011af1f4bac6
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b6625f9f37661661f52953147653b46ef5c4a91ec47daaf9dc3f04206f614ca0
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 94315735A10609DFCB05EFA8C4948EDBBB5FF89300F018659E5057B225FB70AA49CB91
Memory Dump Source
• Source File: 00000000.00000002.1695136779.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_78a0000_Invoice-BL.jbxd
Memory Dump Source
• Source File: 00000000.00000002.1683778263.0000000000E6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E6D000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e6d000_Invoice-BL.jbxd
Memory Dump Source
• Source File: 00000000.00000002.1683828350.0000000000E7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E7D000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e7d000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 094236195ae9b0645b6775fc39092d7779c6ac72093117e60b796b1d7014405b
                                                                                                                                                                                                                                  • Instruction ID: a012175e396acdf4bd4254a82e249e8f5912c965827f2b959dd0916047ef4486
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 094236195ae9b0645b6775fc39092d7779c6ac72093117e60b796b1d7014405b
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DE219DB0E5420E9BDB00DFA8C5006EEBBB9FF89304F108565D104B7355DB30AE45CBA1
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1695136779.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_78a0000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: b77f391c1c45b99b8d95a132d8f0ca7a86994ac26225e701d867aa3eb4183d40
                                                                                                                                                                                                                                  • Instruction ID: fb90764ba37535eb8666d4f27476eb097c97cd62afa5efe1553622975bada3ac
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b77f391c1c45b99b8d95a132d8f0ca7a86994ac26225e701d867aa3eb4183d40
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2311AF71700201AFE768DF69D481A2A7BF6FBC9210F148439E819CB359DB309C82CB61
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1695136779.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_78a0000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 19f568d55ef1cb1155954c7105c28a0eab6c95db64f30ac4beff71e7c8deddbc
                                                                                                                                                                                                                                  • Instruction ID: 9303b22e16f6595e593a53c2783140f6687b5bbe37dad3a4946311664f8995d3
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 19f568d55ef1cb1155954c7105c28a0eab6c95db64f30ac4beff71e7c8deddbc
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 80114471B003045BC715DABD9854AAFBFFACF85250F14846BE909D3741ED349C0683E0
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1695136779.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_78a0000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: e68095e55ff9c92a208a14b9728aa4b6e37ebefa9f70dfe41af4e98eba8aecdf
                                                                                                                                                                                                                                  • Instruction ID: 4272a820efbf2e8f5c001315d308cc63994bb3bb19c7290a491a6b6f0ec59048
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e68095e55ff9c92a208a14b9728aa4b6e37ebefa9f70dfe41af4e98eba8aecdf
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 861104B4700106AFEB20DF6AE649B6ABBF6FB94364F004029E419D7384DB30EC05CB51
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1683778263.0000000000E6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E6D000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_e6d000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                                                                                                                                                                                                  • Instruction ID: e795bc891aa5dbb08aa077621839dbeeef53f74fa72cba230bdfee3a0a59c54d
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E011E676944240DFCB16CF14D9C4B1ABF72FB98318F24C5A9DC094B656C336D85ACBA1
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1683828350.0000000000E7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E7D000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_e7d000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                                                                                                                                                                  • Instruction ID: 8bb6a52c460827bd1d1788eebbd3084fe33f37ab0415a1173ac2ed102a39c6c0
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BB118E75508244DFDB06CF14D9C4B15BB72FF84318F24C6A9D8494B656C33AE84ACB51
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1683828350.0000000000E7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E7D000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_e7d000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                                                                                                                                                                  • Instruction ID: a4e49b410c3e9c35efb934dc75ba5975ef0e9e653a8a38a9a50f6b55273e266e
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 641179755082809FDB06CF54D9C4B15BBB1FB84318F28C6AAD8494B666C33AD85ACBA1
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1695136779.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_78a0000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: b8437495e636ca01498a0f9c36fe9492d7610e92f565f2a5be7a2685563ac10e
                                                                                                                                                                                                                                  • Instruction ID: 7e1b499beeeabf999beb31a886c1442fe52382281c48a669da1145377f57db52
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b8437495e636ca01498a0f9c36fe9492d7610e92f565f2a5be7a2685563ac10e
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6AF03C7661421AAFDB055F69E8459AFBFAAFB88251B108036FD05C2350DB319C269B90
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1695136779.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_78a0000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 8ee4d03b249f1f1727424874d3d18bd447574a60cd69ed9d82eeff6782635daa
                                                                                                                                                                                                                                  • Instruction ID: 9919420ceb972ec2cafa7ed19417866db11577049d9b275cdaa815b168bc2819
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8ee4d03b249f1f1727424874d3d18bd447574a60cd69ed9d82eeff6782635daa
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7901F57095D3889FE3029634C4086B97FB25B9330DF0480AED0459F68BC77A9586DB22
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1695136779.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_78a0000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  • Instruction ID: 1c0acec647ae8749d6a7a563b570f457e6fb7bdae74db5fad7c7703c84ed9855
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4434ee8cbe4dac37287f95388d86ff134e2217947d380bab2e2cb931c7aa645c
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 15E0927410964A8FE3029B74D85522A7BB0EF56208F15C4979465CB297CA30AC0AC765
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1695136779.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_78a0000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: fbdb25dacf9d1d8fd5221bd9cff0e94d61882dcbd0878da725571fa8294c4b70
                                                                                                                                                                                                                                  • Instruction ID: f0f102aba04d67a3e2c97d25644307d629b9047f35c110bec29523bd8f71fb95
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fbdb25dacf9d1d8fd5221bd9cff0e94d61882dcbd0878da725571fa8294c4b70
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: ADD0C2B06AC10CFFA3208E586521526369AA7AA30CF108073E907E7244E961890006B2
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1695136779.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_78a0000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 5c1d054abd932cf11e214e4254805c7051e3ef9d29d3fbd49ba2a6100570d377
                                                                                                                                                                                                                                  • Instruction ID: 379cc321f5ba611bf88de8b4b2f0b6bcd5bd5dfa2c943e79baf414c0733aa77c
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5c1d054abd932cf11e214e4254805c7051e3ef9d29d3fbd49ba2a6100570d377
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C8D05ED427C50CFFF548357C540D63A75A69BA231DF008466E00BC6B86DE22B8D182A2
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1695136779.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_78a0000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 71ea293d8b0caa31e55654f798170353108415b70c47d6c69c2ff8247fddcc2b
                                                                                                                                                                                                                                  • Instruction ID: 7e47df28ea60236ccc9cad67fcd6828baebb5962ac1bd82d0e59829b244fd5de
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 71ea293d8b0caa31e55654f798170353108415b70c47d6c69c2ff8247fddcc2b
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 53D05EE0A3C10CFB7250AAD86541D3A7EA8A77722DF084852980BC3704F925594093B3
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1695136779.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_78a0000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: fd79ba9cd51fa0a114011c2d63131f00eb0724b88c189cc310f5a9c13b60766b
                                                                                                                                                                                                                                  • Instruction ID: de563189e32264792c33456ca55f86daab4d1d6504243b97b010390275e9cd2a
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fd79ba9cd51fa0a114011c2d63131f00eb0724b88c189cc310f5a9c13b60766b
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DFE09AB1C092899FC705CF78C892269BFF1BF42208B0890ABD064DB127C7301416CB82
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1695136779.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_78a0000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: aa646be958ba2c45355953d4d465bf5f1d6a76b2734f9e949158f0641b23ee9e
                                                                                                                                                                                                                                  • Instruction ID: 1642416a479d155c2786ac1c4f5b5f81289ee7636617932b07be099d2ac6d512
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: aa646be958ba2c45355953d4d465bf5f1d6a76b2734f9e949158f0641b23ee9e
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 88D05EA4B5410CABE308EEB1985153E2AE3B784714F50D429B802D73C8DD309D02C661
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1695136779.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_78a0000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 86d6488e941cd35d512b7081c58e5a4b6161ac123dccd0dddeaabcfec6b59d67
                                                                                                                                                                                                                                  • Instruction ID: 865433cb9e2b27d44684b17fbbb086dc73b5933eddb82c1532169e5952be9470
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 86d6488e941cd35d512b7081c58e5a4b6161ac123dccd0dddeaabcfec6b59d67
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FEE0127181060CEDCB40EF78D50859E7BE8AB25211F00C53AE94DDA110F630D2E4DF80
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1695136779.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_78a0000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 2dffcfdb3a8cb1af1fa5c69f3e4f922e4d0af013f79fb0f51b32a41884a4a8d9
                                                                                                                                                                                                                                  • Instruction ID: 1db76dfe09c302b1c2716139d8a8588f4f54c9f320a2163b16880a8508744dc5
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2dffcfdb3a8cb1af1fa5c69f3e4f922e4d0af013f79fb0f51b32a41884a4a8d9
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AED0A73074420447A3042FB2680737537EEBB80555345C014F50AC36C1CF24D841C211
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1695136779.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_78a0000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 8a34f8e846108e4df3206ae0c6cd985e50db0bea09edeb34ec4788421cfcc521
                                                                                                                                                                                                                                  • Instruction ID: 278e864e18d5c9fbb39c6acf97dcd913ffd0f7df0fd97022d7699026111c4873
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8a34f8e846108e4df3206ae0c6cd985e50db0bea09edeb34ec4788421cfcc521
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5AD0A9920482C8ABC30316F078160F23F308A030A630F00CBE088C9043D52404948212
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1695136779.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_78a0000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: f22fe48b786ac78016ccb378cd8d64e7a47608bd198cdae4837790030061854b
                                                                                                                                                                                                                                  • Instruction ID: a0f57613a19556deae531cfa2c83772fbace07dd9b09f461353f08aaf322dd86
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f22fe48b786ac78016ccb378cd8d64e7a47608bd198cdae4837790030061854b
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 98C08CD027C20CFFB40091AC151443D3E5D65BB30DF204037D20FC2245EE1288408A73
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1695136779.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_78a0000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: f842a7f49448c9e3932f83ac1aec9ef8448a9367806c82bd9060cbc317044208
                                                                                                                                                                                                                                  • Instruction ID: c92bd0e030c2ac03721cdef2c2a7519ccaf20d6b24c20d4b3e115c36bd2a65d0
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f842a7f49448c9e3932f83ac1aec9ef8448a9367806c82bd9060cbc317044208
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AEC08CB048160487C2042BE9F50F3243AAC9B6021AF401250F18D810709E603440CA61
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1695136779.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_78a0000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: bb67e5f6f690b7f508d61bea6c440d1dfb32b091a18d6258b841fdb884c73fd7
                                                                                                                                                                                                                                  • Instruction ID: 12706bed94efa30b3e53899b8e1b2c9a9f5315f5d9f63e5d43a02a1a1a042e3f
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bb67e5f6f690b7f508d61bea6c440d1dfb32b091a18d6258b841fdb884c73fd7
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 63B092E407C20CF6290021D820291353A1C6027A0DE000012A10FE090949C2147201F2
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1695136779.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_78a0000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 7212041bf5b845c7c91ef94869280ee41c9aedf4c165af462c189e8ed28bc4e3
                                                                                                                                                                                                                                  • Instruction ID: 77ca1199631bf6dcc4f6df6ad40c984faffeb12cd6266b392ff4add5be595ab7
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7212041bf5b845c7c91ef94869280ee41c9aedf4c165af462c189e8ed28bc4e3
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D0C012B3808194DFC302CB65CCE6A543FE4AD2A20074C19CAC0458F322E220F810CB00
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1695136779.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_78a0000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: e7fd75bc5138c9d4382b26c73a77361f1b99afa29f716c727e07f6193583fb09
                                                                                                                                                                                                                                  • Instruction ID: 023ebbf41fe41dddef24d955eb561d99c16c463ad43300b7ff6f732b274eea08
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e7fd75bc5138c9d4382b26c73a77361f1b99afa29f716c727e07f6193583fb09
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 54C04CB0B6021DFFEB118A61DE86E6D7AAA6B26A04F105524B642AA194D6705901C640
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1695136779.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_78a0000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: b925f8a9adf245ca2a1c58452a53493eae973cb83a250eff3793a83c70a02da3
                                                                                                                                                                                                                                  • Instruction ID: 98e0848ee10b9a58b4295362e9f89bb630afc1e6adeb37d5ed147760e9721fc1
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b925f8a9adf245ca2a1c58452a53493eae973cb83a250eff3793a83c70a02da3
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 18A012A6138B0CE61184115160091363F3C112114CF040040F91A840057B1234204044
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1693850870.0000000005EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EB0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_5eb0000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: d
                                                                                                                                                                                                                                  • API String ID: 0-2564639436
                                                                                                                                                                                                                                  • Opcode ID: 85abd73c77fd257b5a59dc9bb5aab4da96f0901dc2cc4557f91344dc5276e894
                                                                                                                                                                                                                                  • Instruction ID: 6fd37a59d0cd9baa26e27606c999ac21a02a8966b8d85a8e4a64255ea65745fc
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 85abd73c77fd257b5a59dc9bb5aab4da96f0901dc2cc4557f91344dc5276e894
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4151E771E04228CFDB28DF66D8507EEBBB2BB89311F50D1A9D41CA7265DB315A86CF40
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1693850870.0000000005EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EB0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_5eb0000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: d
                                                                                                                                                                                                                                  • API String ID: 0-2564639436
                                                                                                                                                                                                                                  • Opcode ID: 4bcd1324b879b16338ad25ddea0bbc03509cfa62408586ae03dadafe4de4d152
                                                                                                                                                                                                                                  • Instruction ID: d537b90b267b7c32ec392bd79bd2c052c23a511ccf39a5fa148e11afbf657dad
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4bcd1324b879b16338ad25ddea0bbc03509cfa62408586ae03dadafe4de4d152
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9B51D471E00628CFDB29DF66DC047EEBBB2AB89311F5091AAD418A7264DB355A85CF40
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1695460216.0000000007C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C00000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7c00000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 7c110b7f52b43a0001c69d8cf85ffa28ba489081f69e701f7daa75dc4f3c6c3c
                                                                                                                                                                                                                                  • Instruction ID: fb84cf2f8471a9cbfc09b12386fbf5429bac85ee08c4d8e8167afdc326634e23
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7c110b7f52b43a0001c69d8cf85ffa28ba489081f69e701f7daa75dc4f3c6c3c
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FFE1EAB4E002598FCB14DFA9C5809AEFBF6BF89305F24C169D414AB356DB30A941CFA5
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1695460216.0000000007C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C00000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7c00000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 3ffbe49d42e26f1fe2f59e065b65c60c3d8bb4f2aa4042ba4c38ef9a3cad97eb
                                                                                                                                                                                                                                  • Instruction ID: 6396fedddf666cb88606d76cbbf7afda0cbf2c1b557cf4af60fa46887c2a7558
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3ffbe49d42e26f1fe2f59e065b65c60c3d8bb4f2aa4042ba4c38ef9a3cad97eb
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 55E1ECB4E002598FCB14DFA9C6809AEFBF6BF49305F24C169D414AB355DB30A941CFA5
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1695460216.0000000007C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C00000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7c00000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1695460216.0000000007C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C00000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7c00000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1695460216.0000000007C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C00000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7c00000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1684065687.0000000001150000.00000040.00000800.00020000.00000000.sdmp, Offset: 01150000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_1150000_Invoice-BL.jbxd

                                                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                                                  Execution Coverage:11.2%
                                                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                  Signature Coverage:0%
                                                                                                                                                                                                                                  Total number of Nodes:44
                                                                                                                                                                                                                                  Total number of Limit Nodes:5
execution_graph 20637: API calls at graph nodes: CreateActCtxA, GetModuleHandleW, DuplicateHandle, PostMessageW

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000006.00000002.1815990765.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_7740000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: $kq$$kq$$kq$$kq
                                                                                                                                                                                                                                  • API String ID: 0-2881790790

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000006.00000002.1815990765.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_7740000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: $kq$$kq$$kq$$kq
                                                                                                                                                                                                                                  • API String ID: 0-2881790790

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000006.00000002.1815990765.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_7740000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: LRkq$PHkq
                                                                                                                                                                                                                                  • API String ID: 0-2695724965

                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000006.00000002.1815990765.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_7740000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: $kq
                                                                                                                                                                                                                                  • API String ID: 0-3037731980

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 0269B086
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000006.00000002.1800357242.0000000002690000.00000040.00000800.00020000.00000000.sdmp, Offset: 02690000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_2690000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: HandleModule
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 4139908857-0

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • CreateActCtxA.KERNEL32(?), ref: 026959F1
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000006.00000002.1800357242.0000000002690000.00000040.00000800.00020000.00000000.sdmp, Offset: 02690000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_2690000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Create
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2289755597-0

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • CreateActCtxA.KERNEL32(?), ref: 026959F1
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000006.00000002.1800357242.0000000002690000.00000040.00000800.00020000.00000000.sdmp, Offset: 02690000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_2690000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Create
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2289755597-0

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0269D2C6,?,?,?,?,?), ref: 0269D387
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000006.00000002.1800357242.0000000002690000.00000040.00000800.00020000.00000000.sdmp, Offset: 02690000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_2690000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: DuplicateHandle
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3793708945-0

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0269D2C6,?,?,?,?,?), ref: 0269D387
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000006.00000002.1800357242.0000000002690000.00000040.00000800.00020000.00000000.sdmp, Offset: 02690000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_2690000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: DuplicateHandle
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3793708945-0

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  control_flow_graph 667 7748bb8-7748c2a PostMessageW 669 7748c33-7748c47 667->669 670 7748c2c-7748c32 667->670 670->669
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • PostMessageW.USER32(?,00000010,00000000,?), ref: 07748C1D
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000006.00000002.1815990765.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_7740000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: MessagePost
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 410705778-0

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  control_flow_graph 678 7747fd0-7748c2a PostMessageW 680 7748c33-7748c47 678->680 681 7748c2c-7748c32 678->681 681->680
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • PostMessageW.USER32(?,00000010,00000000,?), ref: 07748C1D
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000006.00000002.1815990765.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_7740000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: MessagePost
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 410705778-0

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  control_flow_graph 672 269b020-269b060 673 269b068-269b093 GetModuleHandleW 672->673 674 269b062-269b065 672->674 675 269b09c-269b0b0 673->675 676 269b095-269b09b 673->676 674->673 676->675
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 0269B086
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000006.00000002.1800357242.0000000002690000.00000040.00000800.00020000.00000000.sdmp, Offset: 02690000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_2690000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: HandleModule
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 4139908857-0
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D411E176504240CFCB02CF10D5C4B16BFB1FB94324F24C2A9D8090B356C33AE95ADBA1
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000006.00000002.1799163379.0000000000B4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B4D000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_b4d000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 5424363e62232f023f4ea4141906aada27381041797b1a95d3903f4635f7178d
                                                                                                                                                                                                                                  • Instruction ID: 24eefe8a0cd835f241b801a28e9fd772376cda2faaad242367d9f04566755f46
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5424363e62232f023f4ea4141906aada27381041797b1a95d3903f4635f7178d
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E0012B31009340AAE7104B1ACDC4767FFD8EF51324F18C5AEED098A286C739D940E671
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000006.00000002.1799163379.0000000000B4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B4D000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_b4d000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: b061df0ecdeade365c6ee68f1b63fef0c00072bf8f8c405f458c84f76498de37
                                                                                                                                                                                                                                  • Instruction ID: 7c4f6058ce199fad649633cf2fa914645d0d02c17af34dc34b1d9dbae5da239c
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b061df0ecdeade365c6ee68f1b63fef0c00072bf8f8c405f458c84f76498de37
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9FF0C271008340AAEB108A1AC884B62FFE8EF51324F18C45EED484A286C2799844DA71
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000006.00000002.1815990765.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_7740000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: ed03f785bba9ea3cb67b0964cb3649c8f847f4bea6c8fd6b4e334b46d5bd3934
                                                                                                                                                                                                                                  • Instruction ID: ec30254ce3327bd2b64a8d1875247db76672e8b182e3a462fe4dbb91a3d726e6
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ed03f785bba9ea3cb67b0964cb3649c8f847f4bea6c8fd6b4e334b46d5bd3934
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2AD1E4B4E00218CFDB54DFA9D990B9DBBB2BF89300F1485AAD409AB365DB345D86CF50
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000006.00000002.1815990765.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_7740000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 7c007e36091a9e2450b35bacf493527cac63d12b26dc94845b0b8f8e3320007b
                                                                                                                                                                                                                                  • Instruction ID: cd35d6a51cb246eaa5dcd713009301c1ae84185c43994631bac3139d1ff5a3f5
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7c007e36091a9e2450b35bacf493527cac63d12b26dc94845b0b8f8e3320007b
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BBC1B4B4E01218CFDB54DFA9D990B9DBBB2BF89300F1485AAD409AB354DB345D85CF50
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000006.00000002.1815990765.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_7740000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 497d50bd33ff991fca209e5bb29840507379cfaea612b4850e86e4ffcccf5bd7
                                                                                                                                                                                                                                  • Instruction ID: 39e1d3447b4368513df8eaea17d517753a9e4297f3437d2f1d5fa210db3be530
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 497d50bd33ff991fca209e5bb29840507379cfaea612b4850e86e4ffcccf5bd7
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 80C192B4E01218CFDB54DFA9D990B9DBBB2BF89300F1485AAD409AB364DB345E85CF50
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000006.00000002.1815990765.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_7740000_Invoice-BL.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: c174610984e2501f736166d37fb8a9fa93121788b82373cb90e63ab535d5a70f
                                                                                                                                                                                                                                  • Instruction ID: 5b18b4978068739522dfece7bfaedf8f490dc12c5ee819961ae3341880d58cad
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c174610984e2501f736166d37fb8a9fa93121788b82373cb90e63ab535d5a70f
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DEE0D8B0C5A20EDADB14FF91C5017FFF6756B46340FA05445C40573240DB7046848F55

Execution Graph

Execution Coverage:11%
Dynamic/Decrypted Code Coverage:99%
Signature Coverage:0%
Total number of Nodes:314
Total number of Limit Nodes:13
72f5918 WriteProcessMemory 55185->55186 55188 72f596f 55186->55188 55188->55122 55190 72f5a0b ReadProcessMemory 55189->55190 55192 72f5a4f 55190->55192 55192->55126 55194 72f5a0b ReadProcessMemory 55193->55194 55196 72f5a4f 55194->55196 55196->55126 55198 72f577d Wow64SetThreadContext 55197->55198 55200 72f57c5 55198->55200 55200->55135 55202 72f577d Wow64SetThreadContext 55201->55202 55204 72f57c5 55202->55204 55204->55135 55206 72f56c8 ResumeThread 55205->55206 55208 72f56f9 55206->55208 55208->55140 55210 72f56c8 ResumeThread 55209->55210 55212 72f56f9 55210->55212 55212->55140 55214 72f5850 VirtualAllocEx 55213->55214 55216 72f588d 55214->55216 55216->55152 55218 72f5850 VirtualAllocEx 55217->55218 55220 72f588d 55218->55220 55220->55152 55222 72f5b58 CreateProcessA 55221->55222 55224 72f5da3 55222->55224 55226 72f5be1 CreateProcessA 55225->55226 55228 72f5da3 55226->55228 55230 72f882a 55229->55230 55231 72f8896 55229->55231 55235 72f5738 Wow64SetThreadContext 55230->55235 55236 72f5731 Wow64SetThreadContext 55230->55236 55233 72f8a2b 55231->55233 55234 72f25b8 PostMessageW 55231->55234 55232 72f885b 55232->55178 55233->55178 55233->55233 55234->55231 55235->55232 55236->55232 55238 72f8845 55237->55238 55240 72f5738 Wow64SetThreadContext 55238->55240 55241 72f5731 Wow64SetThreadContext 55238->55241 55239 72f885b 55239->55178 55240->55239 55241->55239
Strings
Memory Dump Source
• Source File: 00000007.00000002.1747796252.0000000008740000.00000040.00000800.00020000.00000000.sdmp, Offset: 08740000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_8740000_haYzNpEpfrrs.jbxd
Similarity
• API ID:
• String ID: (okq$4'kq$4'kq$4'kq$4'kq
• API String ID: 0-1221226406
Strings
Memory Dump Source
• Source File: 00000007.00000002.1747796252.0000000008740000.00000040.00000800.00020000.00000000.sdmp, Offset: 08740000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_8740000_haYzNpEpfrrs.jbxd
Similarity
• API ID:
• String ID: (okq$(okq$,oq$,oq$Hoq
• API String ID: 0-811331273
Strings
Memory Dump Source
• Source File: 00000007.00000002.1747796252.0000000008740000.00000040.00000800.00020000.00000000.sdmp, Offset: 08740000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_8740000_haYzNpEpfrrs.jbxd
Similarity
• API ID:
• String ID: d
• API String ID: 0-2564639436
Strings
Memory Dump Source
• Source File: 00000007.00000002.1747796252.0000000008740000.00000040.00000800.00020000.00000000.sdmp, Offset: 08740000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_8740000_haYzNpEpfrrs.jbxd
Similarity
• API ID:
• String ID: d
• API String ID: 0-2564639436

Control-flow Graph (legend: Executed / Not Executed)

Strings
Memory Dump Source
• Source File: 00000007.00000002.1747796252.0000000008740000.00000040.00000800.00020000.00000000.sdmp, Offset: 08740000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_8740000_haYzNpEpfrrs.jbxd
Similarity
• API ID:
• String ID: Hoq$Hoq$Hoq
• API String ID: 0-3310881576

Control-flow Graph (legend: Executed / Not Executed)

Strings
Memory Dump Source
• Source File: 00000007.00000002.1746592978.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_6f90000_haYzNpEpfrrs.jbxd
Similarity
• API ID:
• String ID: 8oq$8oq$8oq
• API String ID: 0-3142328661

Control-flow Graph (legend: Executed / Not Executed)

Strings
Memory Dump Source
• Source File: 00000007.00000002.1746592978.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_6f90000_haYzNpEpfrrs.jbxd
Similarity
• API ID:
• String ID: 8$$kq$$kq
• API String ID: 0-3705916258
                                                                                                                                                                                                                                  • Opcode ID: 53ddeda6bcd5d0267558dd413562441713124028383215d45c35175c3fa45cf4
                                                                                                                                                                                                                                  • Instruction ID: a7551f4643f27433368073bd4bd7639bb27b70b8a04f1d52cdffbbd30a73b53f
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 53ddeda6bcd5d0267558dd413562441713124028383215d45c35175c3fa45cf4
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3201DB30B5020CDFFFB45A7CD806B7D3A61A701740F108816E5235A2C6CAA4C444C7F1

                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1746592978.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_6f90000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: (oq$Hoq
                                                                                                                                                                                                                                  • API String ID: 0-3084834809
                                                                                                                                                                                                                                  • Opcode ID: a10f9b7945d88fb1db382c9be657388c6d89997d9694934fd26e7ff9b6111651
                                                                                                                                                                                                                                  • Instruction ID: 7372770c9641b3a8137ed78546ad0739cd668d4f73a267216afb6e5402fbd4a3
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a10f9b7945d88fb1db382c9be657388c6d89997d9694934fd26e7ff9b6111651
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FB71A071E102189FEF94EF69D9147AEBBF6EBC8310F108429E505A7390DB349E05CBA5

                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1746592978.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_6f90000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: $kq$$kq
                                                                                                                                                                                                                                  • API String ID: 0-3550614674
                                                                                                                                                                                                                                  • Opcode ID: 5d94dadd55d26882a91f96e4c91dbdd4dc1cce85188dd4a9dae8841af56aa5e8
                                                                                                                                                                                                                                  • Instruction ID: beb2a61e1d09e2683e3ea118f3df0bee412755291a4e750c9f90d6a319d15ac5
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5d94dadd55d26882a91f96e4c91dbdd4dc1cce85188dd4a9dae8841af56aa5e8
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C801D22190A2408FFBA5DB25D811A21BBA5BB03384F548AAF902ACB152C7358845C3F6

                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1746592978.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_6f90000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: 8$$kq
                                                                                                                                                                                                                                  • API String ID: 0-204093185
                                                                                                                                                                                                                                  • Opcode ID: 4b4ed41f29d671e419bbc9e253b8e0c0668f49a04f747dcecaae01c3a10fe4e1
                                                                                                                                                                                                                                  • Instruction ID: ccf288f18533928a56bfb1174cb1bd0afb24e0405d3fa4ddc6c9ad03b15b1b4a
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4b4ed41f29d671e419bbc9e253b8e0c0668f49a04f747dcecaae01c3a10fe4e1
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FBF0C831B50204DFFFA09A28CC57BB97662AB11750F144C96DD16AF681E6E4C950C7A1
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 072F5D8E
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1747250947.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_72f0000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CreateProcess
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 963392458-0
                                                                                                                                                                                                                                  • Opcode ID: ed9479f06137b42153b0079a25165f4103253552986f38ec5358bacf9439fe1b
                                                                                                                                                                                                                                  • Instruction ID: bc6bf7c64cd4106f3d28ec7c03c35f1f26af85f5b53de39811bdb58ced86f187
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ed9479f06137b42153b0079a25165f4103253552986f38ec5358bacf9439fe1b
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C8A17BB1D1025ADFDB10CFA9C840BEEFBB2BF48310F0485A9E949A7250DB749995CF91
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 072F5D8E
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1747250947.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_72f0000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CreateProcess
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 963392458-0
                                                                                                                                                                                                                                  • Opcode ID: b46d9b45723202aa0f77846798846789c208c584d8cb9e452425347048aa8cb4
                                                                                                                                                                                                                                  • Instruction ID: ac8f4cc4c6f2d36e7eea0a2387a70c0ba8c47121ac19608c61d19f1bf62b5d87
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b46d9b45723202aa0f77846798846789c208c584d8cb9e452425347048aa8cb4
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2B917AB1D1025ACFDB10CFA9C8407EEFBB2BF48310F0485A9E949A7250DB749995CF91
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1746592978.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_6f90000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: PPz
                                                                                                                                                                                                                                  • API String ID: 0-2576757460
                                                                                                                                                                                                                                  • Opcode ID: caff213e697ac82b808883de8d14c7b7b054a620450a512d5093094e1ba83c42
                                                                                                                                                                                                                                  • Instruction ID: 6f0168267e1980a485a46f1bf6e61beb19e474b1a396ddf2e2ebca711bc5ea62
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: caff213e697ac82b808883de8d14c7b7b054a620450a512d5093094e1ba83c42
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D2E10472F04206DFEF55AB68C8485AEBFF1EF85300F1544A9D442A72A5D731CC65CBA1
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 04A4B566
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1743700280.0000000004A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A40000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_4a40000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: HandleModule
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 4139908857-0
                                                                                                                                                                                                                                  • Opcode ID: 63076cf19549d4074231a83d21ce8af84830c59b9fc8994ac8ea9249fc843f06
                                                                                                                                                                                                                                  • Instruction ID: e740b3d4861045a393242d3bdbadc3eef0e50d1dd123d275dd992d33c69c7200
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 63076cf19549d4074231a83d21ce8af84830c59b9fc8994ac8ea9249fc843f06
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5A8125B0A00B058FDB64DF6AD54179ABBF1FF88304F108929D48AD7A50D774F94ACBA1
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 058E1F02
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1744848656.00000000058E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058E0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_58e0000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CreateWindow
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 716092398-0
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 058E1F02
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1744848656.00000000058E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058E0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_58e0000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CreateWindow
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 716092398-0
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • CreateActCtxA.KERNEL32(?), ref: 04A459C9
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1743700280.0000000004A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A40000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_4a40000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Create
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2289755597-0
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • CallWindowProcW.USER32(?,?,?,?,?), ref: 058E4471
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1744848656.00000000058E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058E0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_58e0000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CallProcWindow
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2714655100-0
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • CreateActCtxA.KERNEL32(?), ref: 04A459C9
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1743700280.0000000004A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A40000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_4a40000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Create
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2289755597-0
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1743700280.0000000004A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A40000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_4a40000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 072F5960
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1747250947.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_72f0000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: MemoryProcessWrite
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3559483778-0
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 072F5960
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1747250947.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_72f0000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: MemoryProcessWrite
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3559483778-0
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 072F57B6
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1747250947.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_72f0000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: ContextThreadWow64
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 983334009-0
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 072F5A40
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1747250947.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_72f0000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: MemoryProcessRead
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 1726664587-0
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,04A4D78E,?,?,?,?,?), ref: 04A4D84F
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1743700280.0000000004A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A40000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_4a40000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: DuplicateHandle
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3793708945-0
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 072F57B6
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1747250947.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_72f0000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: ContextThreadWow64
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 983334009-0
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 072F5A40
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1747250947.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_72f0000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: MemoryProcessRead
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 1726664587-0
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,04A4D78E,?,?,?,?,?), ref: 04A4D84F
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1743700280.0000000004A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A40000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_4a40000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: DuplicateHandle
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3793708945-0
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 072F587E
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1747250947.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_72f0000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 4275171209-0
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 072F587E
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1747250947.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_72f0000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 4275171209-0
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1747250947.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_72f0000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: ResumeThread
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 947044025-0
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1747250947.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_72f0000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: ResumeThread
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 947044025-0
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • PostMessageW.USER32(?,00000010,00000000,?), ref: 072F8B7D
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1747250947.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_72f0000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: MessagePost
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 410705778-0
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • PostMessageW.USER32(?,00000010,00000000,?), ref: 072F8B7D
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1747250947.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_72f0000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: MessagePost
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 410705778-0
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 04A4B566
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1743700280.0000000004A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A40000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_4a40000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: HandleModule
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 4139908857-0
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1746592978.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_6f90000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: (oq
                                                                                                                                                                                                                                  • API String ID: 0-3175707579
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1747796252.0000000008740000.00000040.00000800.00020000.00000000.sdmp, Offset: 08740000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_8740000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: d8pq
                                                                                                                                                                                                                                  • API String ID: 0-3074765628
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1746592978.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_6f90000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: Tekq
                                                                                                                                                                                                                                  • API String ID: 0-2319236580
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1747796252.0000000008740000.00000040.00000800.00020000.00000000.sdmp, Offset: 08740000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_8740000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: Hoq
                                                                                                                                                                                                                                  • API String ID: 0-3049094369
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1747796252.0000000008740000.00000040.00000800.00020000.00000000.sdmp, Offset: 08740000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_8740000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: Hoq
                                                                                                                                                                                                                                  • API String ID: 0-3049094369
                                                                                                                                                                                                                                  • Opcode ID: a4da86b125b17a495232ff8e6e2791f9d2df6493657db09fca350140f167644c
                                                                                                                                                                                                                                  • Instruction ID: 3ddc7db9943ef3d88986527c0fc194098e8e634b7923900535e75e6d0d13b56b
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a4da86b125b17a495232ff8e6e2791f9d2df6493657db09fca350140f167644c
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 42213731A04294AFEB519F788C06BAE3F76EF81700F50C09AE905DB287DE348D16C760
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1746592978.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_6f90000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: $kq
                                                                                                                                                                                                                                  • API String ID: 0-3037731980
                                                                                                                                                                                                                                  • Opcode ID: d55bf2287f25a1f77f98e8d0ce31f2a209b2abe53c0844741aa4bcf145832974
                                                                                                                                                                                                                                  • Instruction ID: 092114d27bb33f382314b2c52c6abfdf467e8e9afddbadd920c14cf48ef33b10
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d55bf2287f25a1f77f98e8d0ce31f2a209b2abe53c0844741aa4bcf145832974
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2711E422D0D250DFFFE0B7E4D8205667FA65B432C8B148C9BE426CA196C7368441C7F6
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1747796252.0000000008740000.00000040.00000800.00020000.00000000.sdmp, Offset: 08740000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_8740000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: 8oq
                                                                                                                                                                                                                                  • API String ID: 0-3198120224
                                                                                                                                                                                                                                  • Opcode ID: d5f40488488413f5ee5357d279feb74356cad7e1e5edb822f3848de1ad53fed9
                                                                                                                                                                                                                                  • Instruction ID: 44197213c62587458d239e99134fd2c42c9386a4f8aa121603e1ca79774a7f9a
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d5f40488488413f5ee5357d279feb74356cad7e1e5edb822f3848de1ad53fed9
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DC210878A0020ADFCB00DFA8D581AEDBBF5FB49300F10516AE815A7364E7319E46CF90
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1746592978.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_6f90000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: $kq
                                                                                                                                                                                                                                  • API String ID: 0-3037731980
                                                                                                                                                                                                                                  • Opcode ID: a189358e9cda1426e2c1f58033ca2fb4a21a46b4930f942f42db3b8184848342
                                                                                                                                                                                                                                  • Instruction ID: 43276a616d58f515b5570df0309ca3627cd96fc35a3af7e974ceec08f612c7cc
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a189358e9cda1426e2c1f58033ca2fb4a21a46b4930f942f42db3b8184848342
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2601D47290A641CFFBE1C720D801A61BBA5B7032C0F444AABD46ACB542D3348840C7F6
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1746592978.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_6f90000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: 1
                                                                                                                                                                                                                                  • API String ID: 0-2212294583
                                                                                                                                                                                                                                  • Opcode ID: 099a0cc858f6a15f664c06df74ef18c967e4d949e02a38ef74f7ce9535e572a9
                                                                                                                                                                                                                                  • Instruction ID: d1b191d0bde9956344134c1eb9464a30800e286b99c61b08327d6c009be5d8a8
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 099a0cc858f6a15f664c06df74ef18c967e4d949e02a38ef74f7ce9535e572a9
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FBF0C89300E3449FFF91A2B04C144FA7F2D9F86200F101187D41AC70B2E61519508AF3
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1746592978.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_6f90000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: G
                                                                                                                                                                                                                                  • API String ID: 0-985283518
                                                                                                                                                                                                                                  • Opcode ID: 113c38adca62ee7fe3c223c2737c69c74a0b9518e854aa4ff1e579c77bdad3f5
                                                                                                                                                                                                                                  • Instruction ID: 537ae3d7487444fac27a3b9c156994de4d066d17d3327ba0bf6aae8871e4c36c
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 113c38adca62ee7fe3c223c2737c69c74a0b9518e854aa4ff1e579c77bdad3f5
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 68D05E7200E358AFE7418E549D159EABB7E9782200F1414C7E4598B242CF280E209BF2
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1746592978.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_6f90000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: G
                                                                                                                                                                                                                                  • API String ID: 0-985283518
                                                                                                                                                                                                                                  • Opcode ID: 8122efd88f2996323bbdfe751b993f54a30b51889637a72daacbfc9a5e01e402
                                                                                                                                                                                                                                  • Instruction ID: 46aad110f81a2f069931dac98af40faf81131475433137f8de5d0d2117c7350d
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8122efd88f2996323bbdfe751b993f54a30b51889637a72daacbfc9a5e01e402
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6AC012B1408108EBFB44DE80D906A2CB7ADA780304F200086D90E82241CF351E109AA2
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1747796252.0000000008740000.00000040.00000800.00020000.00000000.sdmp, Offset: 08740000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_8740000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 31a1c39fbbbde127ce25c9264d49164065ad2410eada5227c4918af0bd811a19
                                                                                                                                                                                                                                  • Instruction ID: eafab67dfe56073d7d083cb3be806178f87ad3f338b62c284da663e750907362
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 31a1c39fbbbde127ce25c9264d49164065ad2410eada5227c4918af0bd811a19
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5A624070D10F058BD7B15FB488883AD7AA1EB41309F605A2FD2BACAB54CB349457CF5A
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1747796252.0000000008740000.00000040.00000800.00020000.00000000.sdmp, Offset: 08740000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_8740000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 61058569976c45bbe08a24435704404ccdea777ac425aa8284cb8b10a16497c6
                                                                                                                                                                                                                                  • Instruction ID: 7fade59940cfc061eb68402b6c689bbd788c57ef9fc174abf236cbadc4473cd9
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 61058569976c45bbe08a24435704404ccdea777ac425aa8284cb8b10a16497c6
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 824c80d8507d197cb797bd62e856062f9a1bcd1b6774e092160d746d06961569
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0761C234B002199FDB04AF64D445AAEB7B2FFC8300F1489A9D9995F39ACB70AD49C7D1
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1746592978.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_6f90000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 19a1fc89a1b43cc4d5551c2ced8dc4b96d52b8f9de5e0fc8470d637d8019e508
                                                                                                                                                                                                                                  • Instruction ID: 04619d427829c3f72028c0f83a12027da0de67632181737aad45c9475a617b7e
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 19a1fc89a1b43cc4d5551c2ced8dc4b96d52b8f9de5e0fc8470d637d8019e508
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EA510B35E106098FDF54DFA8C8949ADF7B1FF89310B108669E416B7354EB30E985CBA0
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1746592978.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_6f90000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: c3fa412278624a7eaf937dd006b5dc48b1d13936958c073731df4f61a5d4288b
                                                                                                                                                                                                                                  • Instruction ID: 662aea96fed183b42af6f69aad7f9ce0951c555998478bce46ec7af64bb97752
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c3fa412278624a7eaf937dd006b5dc48b1d13936958c073731df4f61a5d4288b
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5A418935F012068FEF58CF68D858AAEB7B6FF88301B148079E402A7395DB34D851CBA1
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1746592978.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_6f90000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: ece4c6b7212ec830663096b13ea1f101cc9ee9a281f88f6ed52f25d747c9b182
                                                                                                                                                                                                                                  • Instruction ID: 3ffb144de6f89461f97f21bcf35b71f8ddcd99a943845e30efbb74199af2dd3b
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ece4c6b7212ec830663096b13ea1f101cc9ee9a281f88f6ed52f25d747c9b182
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AA516335E106099FCB00EFA8D8849EDF7B5FF89304F00815AE515AB325EB31A945CB91
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1747796252.0000000008740000.00000040.00000800.00020000.00000000.sdmp, Offset: 08740000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_8740000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: bf74519b696b8e945c2809913b2958d6fbe1cc46db0b42c9fd7af4e7979b2f80
                                                                                                                                                                                                                                  • Instruction ID: a4a7b2b7610d9a36372dfa854111318765ea22fd3c421b4fcf85326e2c661257
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bf74519b696b8e945c2809913b2958d6fbe1cc46db0b42c9fd7af4e7979b2f80
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7E41E7B0E462169FDB03AF64CD096AA7BB1AFC5341F10246AD413A726DF73489138BB1
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1747796252.0000000008740000.00000040.00000800.00020000.00000000.sdmp, Offset: 08740000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_8740000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 3ea8566e5686bc2e0560de3e5705573f3d1ee8bc5c4e4721d5cdaab2fa4e2fdf
                                                                                                                                                                                                                                  • Instruction ID: 9dd621440a4ebcec62289d98eb559fc054b841eac8958893cb95fa8596d88ca3
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3ea8566e5686bc2e0560de3e5705573f3d1ee8bc5c4e4721d5cdaab2fa4e2fdf
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FA41F736B002118FDB26DB68C8446BE7BA6AFC9631B1841AEE549D7355DB34EC0387E1
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1746592978.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_6f90000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 62cec085fa9dcf5578178fd3ce44ac00ec6c81dcd23c2ac47d571aaeafcbff04
                                                                                                                                                                                                                                  • Instruction ID: e477e9ca29cbb5cbaa5d57abaa31873e94624ca040c3617191845f4137cd30f7
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 62cec085fa9dcf5578178fd3ce44ac00ec6c81dcd23c2ac47d571aaeafcbff04
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CD416D31E106098FDF50DFA4C8909EDFBB2FF89310B10866AE416A7355EB34E985CB90
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1747796252.0000000008740000.00000040.00000800.00020000.00000000.sdmp, Offset: 08740000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_8740000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 291b7581acbb5d0d75fd3357cf52ef06011bdf9da1fb0c1c0c6621a648b67279
                                                                                                                                                                                                                                  • Instruction ID: 008de0a199fcb4e6cc43cef31fdbe51cf3ce416d7c76dad971183fa31bec2783
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 291b7581acbb5d0d75fd3357cf52ef06011bdf9da1fb0c1c0c6621a648b67279
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9E417C34A052189FDB14DF68D854AEDFBB2AF89302F149169E501BB3A8DB719C42CB60
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1747796252.0000000008740000.00000040.00000800.00020000.00000000.sdmp, Offset: 08740000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_8740000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 910af83da38d8aec3e7a06868b5044bedf52751fbd17896b0415ff4327f4085c
                                                                                                                                                                                                                                  • Instruction ID: ba2a36b3781bd2a64786bc3c078ee935e915984ca3185217ddd179e6ffa3d6bc
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 910af83da38d8aec3e7a06868b5044bedf52751fbd17896b0415ff4327f4085c
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4C41B3B0E4511A9FDB03AF64CD496AA7BF1ABC5342F106425D413E72ADFB34C9138AB1
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1747796252.0000000008740000.00000040.00000800.00020000.00000000.sdmp, Offset: 08740000, based on PE: false
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1747796252.0000000008740000.00000040.00000800.00020000.00000000.sdmp, Offset: 08740000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_8740000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: c364f1147c66e0870f8ea8d1dd6cb5b546dc8574d3f7eacfde70648be8228592
                                                                                                                                                                                                                                  • Instruction ID: 9021e968a352475026950971e30443bf3cb7ed2f9897f70eedb17e2cefc20361
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c364f1147c66e0870f8ea8d1dd6cb5b546dc8574d3f7eacfde70648be8228592
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8F21F7367006108FEF248A65C8816BFBBE6EBC5211B18806ED646C77A8C734ED828761
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1747796252.0000000008740000.00000040.00000800.00020000.00000000.sdmp, Offset: 08740000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_8740000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: b9584ff798b1d2cfdb14b029b0518b38b339380f293d52a34d41169b587fd635
                                                                                                                                                                                                                                  • Instruction ID: 2b75a81dc1fbc7b58607df222918c4a7dc900f501651029dfbffa42a2d915b43
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b9584ff798b1d2cfdb14b029b0518b38b339380f293d52a34d41169b587fd635
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7F31A4309057488FDB12EF78C9116EE7FB1AF8A300F04855ED445BB264EB34AD49C7A2
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1747796252.0000000008740000.00000040.00000800.00020000.00000000.sdmp, Offset: 08740000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_8740000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 2edf6dd752f96d476730c396e929b7f52c9ed4edba99816983a235966bc3336b
                                                                                                                                                                                                                                  • Instruction ID: ba21bc83151e30833fb253bac73ca2ec34a640d4895a0acc5a3c5b4a36f5c250
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2edf6dd752f96d476730c396e929b7f52c9ed4edba99816983a235966bc3336b
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0B314A31A41228CFCB10DFA8C854AEDBBF2BF89305F254069E505EB364DB759D06CBA0
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1746592978.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_6f90000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 2c92af1429e17f98fb3f25189f1715f9a0f83e783ac52cb72189a149f7e2943e
                                                                                                                                                                                                                                  • Instruction ID: 7ace0869ae82f4f3037fc854cf245657494402af36384b409aed5e93de05b7ed
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2c92af1429e17f98fb3f25189f1715f9a0f83e783ac52cb72189a149f7e2943e
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4731F475E1020E9FEF80DFA8D9805EEBBF2EB48310F108569E505E7350EB309A45DBA0
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1747796252.0000000008740000.00000040.00000800.00020000.00000000.sdmp, Offset: 08740000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_8740000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: f805a0300a825e844054c955364b1db1bc85b6f541eae617f05666bf68a46047
                                                                                                                                                                                                                                  • Instruction ID: 35d9c8212cdc2fd4fe00fc9d9618fa5a296388bd1d87aa46f40ab6e2005c6834
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f805a0300a825e844054c955364b1db1bc85b6f541eae617f05666bf68a46047
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3021C470E40236CBCB11BB64C4451AEFB71EF41302F50596AD556A729CFB31D9638BB1
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1746592978.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_6f90000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: d81d215497dc1a0dfaf2fb00caa3a2adf06e23155160501021e1dc3d684d387b
                                                                                                                                                                                                                                  • Instruction ID: e21e4fa4ae11181ad4742d218941dab634a3c56f29211eb3fca74ce3788b8a29
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d81d215497dc1a0dfaf2fb00caa3a2adf06e23155160501021e1dc3d684d387b
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9931DF71A04108CFFF94DF98C45166AB7F2EB85316F14846AE11AEB741CB36AD468BA0
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1746592978.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_6f90000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 0a8caeb86ad20729ca5f3e5335b83762ce4c99f5c885aadae3f476f06e27daf1
                                                                                                                                                                                                                                  • Instruction ID: 588e0b67c98509e4f4bbc106a67613feda1aca779ecf2813213f45d9069e2696
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0a8caeb86ad20729ca5f3e5335b83762ce4c99f5c885aadae3f476f06e27daf1
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8E21B272E08254CFFFA18BEDC890639B7B0EB86350F149067D526C7686C6359A44C7F6
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1747796252.0000000008740000.00000040.00000800.00020000.00000000.sdmp, Offset: 08740000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_8740000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: a4cb5551012fdecd704fac18b85ad163720ad25eac7622a535b493d3fdebf221
                                                                                                                                                                                                                                  • Instruction ID: b48caa3573c5230185f6400041c1b9e41c3190e77be3be83a6f84bf22eff47d7
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a4cb5551012fdecd704fac18b85ad163720ad25eac7622a535b493d3fdebf221
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6A21F9367006108FEF24CA65C4C167FBBE6EBC4211B288069D646937A8C734FD828761
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1747796252.0000000008740000.00000040.00000800.00020000.00000000.sdmp, Offset: 08740000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_8740000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_6f90000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: e34911e5122fbe846cefb2136efc63672cdd5f569917cc4df72bb0d62e98f731
                                                                                                                                                                                                                                  • Instruction ID: b3872d9bbef2c29e75ce3cc38ace52cba79216941235ac60bb908638da4d4ea3
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e34911e5122fbe846cefb2136efc63672cdd5f569917cc4df72bb0d62e98f731
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B1211D32F18515CFFFD49A6DD8406B9B3A0BB49350F008667A216C76A0C774E9908AF6
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1746592978.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_6f90000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 84632ba5365da219d1711711417204053812931e059611b5752589317a4d7ed0
                                                                                                                                                                                                                                  • Instruction ID: fce5ad813606922fcfa1d580ff85266ed6593eaa6b47b624631dde7c89d990f5
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 84632ba5365da219d1711711417204053812931e059611b5752589317a4d7ed0
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EE117A3A7012514BDF659B39D841C9F7B62EBC51317048179D85ACB3A2DB24DC4782A2
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1746592978.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_6f90000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: c57608c2973a5afec6cce60de2c0d05667a36eca8c5c78ee8e0d356c3d6a5615
                                                                                                                                                                                                                                  • Instruction ID: 525533dadd1ca3b203c1480207bf004cd4e87c3647d285375cb603a88899e48a
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c57608c2973a5afec6cce60de2c0d05667a36eca8c5c78ee8e0d356c3d6a5615
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B921D235B101059FEF249B64D944B6EBBF9EB4A340F044029E415C7791EB34DE09CBA0
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1747796252.0000000008740000.00000040.00000800.00020000.00000000.sdmp, Offset: 08740000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_8740000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: f65172952be038df291e712d9668c16dabf5446aa2dbaa33cde4138aafbd8304
                                                                                                                                                                                                                                  • Instruction ID: 7003b5db14b268ba9d3c8f4624002801ad25dfe2d6203ae88d6244c6182e3e5b
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f65172952be038df291e712d9668c16dabf5446aa2dbaa33cde4138aafbd8304
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2F11E772F81136EFCF116BA5D9451EEFFB4EB40342B601C65D159B3168E3308A328BA4
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1746592978.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_6f90000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: b0122dc8030f35f51a89df989a05b1c2c1030982259312b5d3e1952988a3f708
                                                                                                                                                                                                                                  • Instruction ID: 07772414188babe66fc6bfb66a57a382ef225f878f92ebe57d34413d2b16ae69
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b0122dc8030f35f51a89df989a05b1c2c1030982259312b5d3e1952988a3f708
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CF215C71E4520E8FDF40DBA8C901AEEB7B9EF89310F108665D104B7355DB346E45CBA1
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1746592978.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_6f90000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: eb0fe034a0ece110dd45d631490c56ee0918c7de736f8af732311b3dbe9c5d62
                                                                                                                                                                                                                                  • Instruction ID: 72bd2e4fbbc3be61bc3695719bc1cd1bb9e59964756c83c234f8ce0a81969e95
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: eb0fe034a0ece110dd45d631490c56ee0918c7de736f8af732311b3dbe9c5d62
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3911BE31B10201AFEB54DFB8D885B6A77E6FBC8304F188438E859CB355DB34AC468B60
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1747796252.0000000008740000.00000040.00000800.00020000.00000000.sdmp, Offset: 08740000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_8740000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 95ca0dff081bc770d1ea5870e6e70b9fc32b343a681e3820a5a184223f02e355
                                                                                                                                                                                                                                  • Instruction ID: 3f4582ecb369d1a1e05e1f0b009f05ffe37f6b4f93d69975d3d4c51c5863b7cc
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 95ca0dff081bc770d1ea5870e6e70b9fc32b343a681e3820a5a184223f02e355
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 31118EB1A002098FDB11DFE9C9407AFBBF9BB89261F54052DC508E7254EB34E942CB72
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1747796252.0000000008740000.00000040.00000800.00020000.00000000.sdmp, Offset: 08740000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_8740000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: a1492d083f02cda3aba9c770fb9f3fb5cdc18e1638efff16f6e263aa54122d66
                                                                                                                                                                                                                                  • Instruction ID: 80a49bf4722c4d2ed0e95239e3b9e06ec9d6c9ea8563960b30b3d0edc6ea6f9a
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a1492d083f02cda3aba9c770fb9f3fb5cdc18e1638efff16f6e263aa54122d66
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D2012671E8D275AFC7122A74D8160ECBFF08B8624171A14ABD065E72AAE230490B87B1
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1737796914.0000000000AAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AAD000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_aad000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                                                                                                                                                                  • Instruction ID: d1e23aa079f0be1265976f3b19f24b617f2961995e68504295028f1a0f60d43c
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7011DD75504280CFCB02CF10C5C4B55FFA1FB95318F24C6AED88A4B696C33AD80ACBA1
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1737796914.0000000000AAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AAD000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_aad000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                                                                                                                                                                  • Instruction ID: 2c14114dcbff6529246e0f30710a3e82fdc975c1e080aba270c02daa8cbb0a1a
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 43119075544240DFDB05CF14D5C4B15BF71FB89318F24C6ADD84A4B696C33AE84ACB51
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1747796252.0000000008740000.00000040.00000800.00020000.00000000.sdmp, Offset: 08740000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_8740000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: d836319afff8eefd28865f26feb12235f1cac5d0b748800657544d7e4e322378
                                                                                                                                                                                                                                  • Instruction ID: 987e0d3113d08846a489e99877c220ca5a08525327480ad0ec9d6afa07f0786c
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d836319afff8eefd28865f26feb12235f1cac5d0b748800657544d7e4e322378
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D70188353151608FC315DA6DC8408AABFFAAFCA60132440AAE601CB7B1CA71DC028BA0
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1747796252.0000000008740000.00000040.00000800.00020000.00000000.sdmp, Offset: 08740000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_8740000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 1f1a21b1762201b81a60e4017a15bf64f8780cad1458ef50a2869bcba11c2f1c
                                                                                                                                                                                                                                  • Instruction ID: d959ac22a49d02759ad59bc0062a17d530907561f811280fbdae504f578293cb
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1f1a21b1762201b81a60e4017a15bf64f8780cad1458ef50a2869bcba11c2f1c
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B311E530E0120A8FDB00DFA8C8017BEBBB0EF89304F108129D925BB395EB74850ADBD1
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1747796252.0000000008740000.00000040.00000800.00020000.00000000.sdmp, Offset: 08740000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_8740000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: f99eeb957f1f41bf3b4419daa601d64bb96689278886a97bbe624df8a53f0fa6
                                                                                                                                                                                                                                  • Instruction ID: bb149e517106767cf00ad1f68d24e40977914e0f4e1f0190acd47192e4497aec
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f99eeb957f1f41bf3b4419daa601d64bb96689278886a97bbe624df8a53f0fa6
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8F01F532911709AFCB01EB78DC444DABB79FFD9310B11862AE00567211EB30A55ACBE0
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1747796252.0000000008740000.00000040.00000800.00020000.00000000.sdmp, Offset: 08740000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_8740000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: b9f18d8abe7e3b5740f338332950d7e2c7464ae26707fb83ff254649099c04d4
                                                                                                                                                                                                                                  • Instruction ID: c663d09492b58e03ce9bd1bfd9a079880cd960ce727cdf4e4a60bcd058506135
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b9f18d8abe7e3b5740f338332950d7e2c7464ae26707fb83ff254649099c04d4
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5D017C353141208F9754DB6EC88486EBBEAEFC9615314506AF501CB375CA31DC01CB60
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1746592978.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_6f90000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: c5f25e7939e12c28224c0d45dfae6529f940f491c2a05a56189948408dbffc72
                                                                                                                                                                                                                                  • Instruction ID: 0dbbeff34b8476475deb731e6e95dcd1a415f4bd364976a0cc9328fffa6cdbd1
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c5f25e7939e12c28224c0d45dfae6529f940f491c2a05a56189948408dbffc72
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 14F02852B493941BD72B12681C215AE2F9A8BD7690F190197E545CFFE7D8488C0743F3
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1746592978.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_6f90000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: b01429b529cccfedcb9249885586605e0ba1cfe29b4036016876d991ddb1e001
                                                                                                                                                                                                                                  • Instruction ID: 26d92fb2d95fc74d804371beaaa0b155db659f40347820bebebadab4b18873db
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b01429b529cccfedcb9249885586605e0ba1cfe29b4036016876d991ddb1e001
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1CF0F431604210AFE3195B38E844E9A7BA5EBC9311F10C03BF248C7681DA30CC19CBA0
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1747796252.0000000008740000.00000040.00000800.00020000.00000000.sdmp, Offset: 08740000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_8740000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: f2bc86478c0d1e359e87c813ce930da2ae205e9aed9ad8198afcfb7553846c32
                                                                                                                                                                                                                                  • Instruction ID: 6eb44e595ac3d4f23484709e2820fd617cefe06b9930bb77f3b62831155f0bd3
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f2bc86478c0d1e359e87c813ce930da2ae205e9aed9ad8198afcfb7553846c32
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9E014930A00209DBDB147BAC81106AE7FEB9FC5751F60046ED1026B358CFB19D0B87E2
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1746592978.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_6f90000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 179d0e5f52afb1659c0ed884440ec6e2bef500e62c9a5cf1e626c8e09049aac2
                                                                                                                                                                                                                                  • Instruction ID: 3141b0fb443c274084a34a83b125c1893a811b5e890325cb82063e1e6a439855
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 179d0e5f52afb1659c0ed884440ec6e2bef500e62c9a5cf1e626c8e09049aac2
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2A018635604259AFEB064F689C448AE7FBAFBCC310B108027FA05C3351DB759C26CB91
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1747796252.0000000008740000.00000040.00000800.00020000.00000000.sdmp, Offset: 08740000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_8740000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1747796252.0000000008740000.00000040.00000800.00020000.00000000.sdmp, Offset: 08740000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_8740000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1746592978.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_6f90000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1746592978.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_6f90000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1747796252.0000000008740000.00000040.00000800.00020000.00000000.sdmp, Offset: 08740000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_8740000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1747796252.0000000008740000.00000040.00000800.00020000.00000000.sdmp, Offset: 08740000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_8740000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1747796252.0000000008740000.00000040.00000800.00020000.00000000.sdmp, Offset: 08740000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_8740000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1746592978.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_6f90000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1747796252.0000000008740000.00000040.00000800.00020000.00000000.sdmp, Offset: 08740000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_8740000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1747796252.0000000008740000.00000040.00000800.00020000.00000000.sdmp, Offset: 08740000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_8740000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1746592978.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_6f90000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1747796252.0000000008740000.00000040.00000800.00020000.00000000.sdmp, Offset: 08740000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_8740000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 6b964c455e4782ff6665ca92b634fa5399d6aceaa7a59eb7ec5d325763b4181d
                                                                                                                                                                                                                                  • Instruction ID: 93188f2b3649b8f718a2dde807c106420ccfe4de31d1ec009f35c00d6b1aadfd
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6b964c455e4782ff6665ca92b634fa5399d6aceaa7a59eb7ec5d325763b4181d
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DCE0AB303C62244FD71A5A2564104BFBFA5CED618230C012EE00BCB796EFA08C0793B1
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1746592978.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_6f90000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: ddcd949c6ef89b3d13e4d316633eaa5554ed300020dc65ee70fcfe71bf00825d
                                                                                                                                                                                                                                  • Instruction ID: f112687623e5f3c195b9f08bed271ad05c72fb3391f654bc9e513ec195ddd990
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ddcd949c6ef89b3d13e4d316633eaa5554ed300020dc65ee70fcfe71bf00825d
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A7F0BE319AE3948FE796662084116747F235B93306B08C0EBE0454F687C72B8943C7B2
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1746592978.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_6f90000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: debd88d4a074a76be2d39c5c9d5a84a9c96dbd9895a6f1ce06d28153d47e14d0
                                                                                                                                                                                                                                  • Instruction ID: 802d3ebd7f5703dfd505f67aac8f751ab4d69b2219dc96f99528ef291f422c5e
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: debd88d4a074a76be2d39c5c9d5a84a9c96dbd9895a6f1ce06d28153d47e14d0
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 60F01274B001089FDF54EFD9D690A9EBBF2FF98310F208555A405A7399CA31ED82CB91
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1746592978.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_6f90000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 91301ea65f96758b3b742084cba52117787cc6375bb3fbccbff92fac940eb2b2
                                                                                                                                                                                                                                  • Instruction ID: 1c14de0541814a62ea5e4ad4c9649c3027020b526426ecf4e53a7a2d84eff32c
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 91301ea65f96758b3b742084cba52117787cc6375bb3fbccbff92fac940eb2b2
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DFF0B430E45349DFEF419BB4DC5E9AEBB72AF46300F008252E622672E1CB705855CB61
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1747796252.0000000008740000.00000040.00000800.00020000.00000000.sdmp, Offset: 08740000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_8740000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: da8482a7116df56cc5f91501e01f16538681c7325bbeea458c631b7031fd4c06
                                                                                                                                                                                                                                  • Instruction ID: d2d3390b4eb217c8bcb239c521f443fb62a23076c1b3f3d7fd7492828b38a14a
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: da8482a7116df56cc5f91501e01f16538681c7325bbeea458c631b7031fd4c06
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0EF0C9353604248FC754DB2DD858D5977E9EF89A2131640AAF109CB372DF61DC02CB90
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1747796252.0000000008740000.00000040.00000800.00020000.00000000.sdmp, Offset: 08740000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_8740000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 85e6700ac7b65ad48a0f99c59408d8d06d64dc9fca110516f9788fba8df70cb1
                                                                                                                                                                                                                                  • Instruction ID: 23dd71f5ba42df209078ac77796240aede87dca36a36852fa2d88374edec6936
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 85e6700ac7b65ad48a0f99c59408d8d06d64dc9fca110516f9788fba8df70cb1
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 73E09271B00A100BAB18FB7EA40046EF7EBAFC8524304C07ED00D87765EE71AC014694
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1747796252.0000000008740000.00000040.00000800.00020000.00000000.sdmp, Offset: 08740000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_8740000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 30a084041741af2bd44972b78fac1e005753b408aa430fa36eb82b298921b479
                                                                                                                                                                                                                                  • Instruction ID: 10c62016d30fb0a423cacef934054657ad4711858a2080af05a5cccbc28f7f76
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 30a084041741af2bd44972b78fac1e005753b408aa430fa36eb82b298921b479
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5CF0A034209340CFC31AAF7984548267BE5EF5621130598BAE1498B676CA31EC82CB51
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1747796252.0000000008740000.00000040.00000800.00020000.00000000.sdmp, Offset: 08740000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_8740000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: d366974544fb675737387227dce47dedd9e786b1edda7f2653e4c674172495f0
                                                                                                                                                                                                                                  • Instruction ID: 15fac5aed725fdc82c098976c862cf7395d1b5389995d85784fe4d70aa390062
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d366974544fb675737387227dce47dedd9e786b1edda7f2653e4c674172495f0
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 95E0ED31104300CFC3269FA9C8808263BE5EF96212321A5AFD0088B735D732EC83CBA0
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1746592978.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_6f90000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: e642d9ad460f4539faa7d46c54f19492e6efc68111a09785f9b270069e390d4f
                                                                                                                                                                                                                                  • Instruction ID: 65e724d2c8d478877d8abf1fab147ad593ed89734b6e4eafa76921584b486b51
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e642d9ad460f4539faa7d46c54f19492e6efc68111a09785f9b270069e390d4f
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 56E0922310D1048FFFCC626548955357B6B9BC5300B1B40AB91878A7D6EAA988408AF2
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1747796252.0000000008740000.00000040.00000800.00020000.00000000.sdmp, Offset: 08740000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_8740000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 92209fb7e2a67a0e54302a021b592989a7ee8a050d5f9b83170830f32366647a
                                                                                                                                                                                                                                  • Instruction ID: ea2c1d15a27302e8a3391d373c083cdc962054994959756a217f77f3c8548bd7
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 92209fb7e2a67a0e54302a021b592989a7ee8a050d5f9b83170830f32366647a
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A2E0CD3B24A2508FD710C524FCC17CB3B919B9A102F1EC696E180D7195C52E99474671
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1747796252.0000000008740000.00000040.00000800.00020000.00000000.sdmp, Offset: 08740000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_8740000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 51e2e0d7776fc331164ff063ca49855d9e7d72201961c88a86f235560a035ce8
                                                                                                                                                                                                                                  • Instruction ID: cde5b3213f3c1edefe112cf74f43f2e880131650d0ade0674f82bd6117f56e9b
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 51e2e0d7776fc331164ff063ca49855d9e7d72201961c88a86f235560a035ce8
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: ABE09236610208EBCF115AE9F848EEA7F6CEB44265F044039FA0881112E7718056C660
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1746592978.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_6f90000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: da62cf1cf6954f6ed1b3fe9237a2a340dd9da392e759bb741c6c1b177ab7d53b
                                                                                                                                                                                                                                  • Instruction ID: 20a2367e2cc5f14356b34d2a0e784b38414464b241c3bbceac4c5ea6a0a65fc4
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: da62cf1cf6954f6ed1b3fe9237a2a340dd9da392e759bb741c6c1b177ab7d53b
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 47E08621B553044BEB021BB15D552B937AD9B82505B0A8065E145D6781CA1C89278361
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1747796252.0000000008740000.00000040.00000800.00020000.00000000.sdmp, Offset: 08740000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_8740000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: d1268f98298ff94ff3d480466fe66768f6a1310ab3e7215c02027e58342a4918
                                                                                                                                                                                                                                  • Instruction ID: 8fca4d2559b83f667edae9b5b2be97795d6d8452484c380df4d51c7de84a81ad
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d1268f98298ff94ff3d480466fe66768f6a1310ab3e7215c02027e58342a4918
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D4E020313097501BD316D639580056ABFB7AFC6514304C19ED44C8B146DE61AD0347D0
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1746592978.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_6f90000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: ced305a9c1fc55de338cf3f9c8069312d888a63013eb0dc6cadfd02c3557df1a
                                                                                                                                                                                                                                  • Instruction ID: 0255dde0fa13b0574bc55a89b122551d5aac50020fc284c570d0fe79246b8129
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ced305a9c1fc55de338cf3f9c8069312d888a63013eb0dc6cadfd02c3557df1a
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 16E08C9314D384CFFFD292B408285BA3F2C9F8A200F20298BD11BC70B2E61A59504AF3
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1746592978.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_6f90000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 6ae9f3d67e024b468b0750406a821046799b75a49ddbd4e34e044e5ea189f6c5
                                                                                                                                                                                                                                  • Instruction ID: 4c571b443e317f6d679333c2b308e37837d8288aa063cb5b57e8685c1e38a5c7
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6ae9f3d67e024b468b0750406a821046799b75a49ddbd4e34e044e5ea189f6c5
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8BF06D31928388DFDB96AF39D81419D3FB0AF16350B01C5ABE499CB011EA3182A8CB51
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1746592978.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_6f90000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 164b898558e3604f0da557f4593541035635d655a23c877b9a1d5628dbcb1fb2
                                                                                                                                                                                                                                  • Instruction ID: 652dfb3db9077fcd59073f21c178a15aa65eb06c3b3bc16038e7be7103b5c078
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 164b898558e3604f0da557f4593541035635d655a23c877b9a1d5628dbcb1fb2
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 12E01223A3D14CEF7FF0DA9474955773BA8A7752207004587E80B9760DDA219A909FF3
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1747796252.0000000008740000.00000040.00000800.00020000.00000000.sdmp, Offset: 08740000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_8740000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: cd172c099fcf32f438eb5c534affec9c75ae2f09613ec06b4018b5198c16a475
                                                                                                                                                                                                                                  • Instruction ID: c866c9194a0e70cd5d26ceea72817e27d7514d23bd59d0622baab6d9a8e2c35c
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cd172c099fcf32f438eb5c534affec9c75ae2f09613ec06b4018b5198c16a475
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BAD0C731381122874B1CA26AA8188BFB79ECAC56A2708003EE01BC3254DFA0CC0392B1
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1746592978.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_6f90000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 4e974977efe50a787cb37615233755093a751056dee2b72f61ed460f2efd5d8e
                                                                                                                                                                                                                                  • Instruction ID: 1946f4a913cec7ab8f3c7688978ec31073a617f8872f916038715b1e016bd59c
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4e974977efe50a787cb37615233755093a751056dee2b72f61ed460f2efd5d8e
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D9E017D324C248CEFFD192B409684BD3F69AB99200F21648BD50BC71B6E62558514AF3
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1747796252.0000000008740000.00000040.00000800.00020000.00000000.sdmp, Offset: 08740000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_8740000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1746592978.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_6f90000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1746592978.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_6f90000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1747796252.0000000008740000.00000040.00000800.00020000.00000000.sdmp, Offset: 08740000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_8740000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1746592978.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_6f90000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1746592978.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_6f90000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1746592978.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_6f90000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1746592978.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_6f90000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1746592978.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_6f90000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1747796252.0000000008740000.00000040.00000800.00020000.00000000.sdmp, Offset: 08740000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_8740000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1746592978.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_6f90000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 9ada7d1f5680b90bcce304bbb355435be880ea26a80e347a384add8319c35877
                                                                                                                                                                                                                                  • Instruction ID: 8f0ceefb1f8db19915fe4f8f24559f493f6bcac3b8f66668844c54c069963b5c
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9ada7d1f5680b90bcce304bbb355435be880ea26a80e347a384add8319c35877
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0CE0EC31C1461CDE8B90FF74D50459A7BE8AB05211F00C56AE8499A110EA30D2D4CF91
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1746592978.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_6f90000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 3d5daa818047ab060710567aaafa14876a7460e2e14e45acd04d84a1777406c6
                                                                                                                                                                                                                                  • Instruction ID: ca03d5c67676ca3fa3d43aa1a3f1df1ac6b0150d219c38909161876109299164
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3d5daa818047ab060710567aaafa14876a7460e2e14e45acd04d84a1777406c6
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: ACD0122500E3CA7EF75212747C0A8B73F2D574311570A01D3F546CD053CA095490C2F3
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1746592978.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_6f90000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 8c11bc5a13915af753f28b79555a627de71c06053a3d9d012fd2c634e8cca336
                                                                                                                                                                                                                                  • Instruction ID: 1166bc65d2d4e7171e0362313810288459a0562069aee0b99d23979e3064b0e5
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8c11bc5a13915af753f28b79555a627de71c06053a3d9d012fd2c634e8cca336
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F8D0A721B002044BBB006FF6581A37933EEEB84505B458014E509C3384CF28D9619621
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1747796252.0000000008740000.00000040.00000800.00020000.00000000.sdmp, Offset: 08740000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_8740000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 1272c945afc84ad50b8f89647e6342f3fa6680ae903498f6bab9249578331f88
                                                                                                                                                                                                                                  • Instruction ID: a604e267f862803476ed2cd18abbe4d5ee841c55fe2bdb4cf8058f47307a06ae
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1272c945afc84ad50b8f89647e6342f3fa6680ae903498f6bab9249578331f88
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 11D05B34105244AFC702CF21D441C557F35DF0722471580DBFA444F233C231DA15C791
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1746592978.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_6f90000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: cd29b87f23473d30622f49dc3b5f4a67bfb35d38c0465bfee8169b6b77fccac7
                                                                                                                                                                                                                                  • Instruction ID: 1ee77e30f5e1413785c61d4550d72f94e2e18ce7c92ca723f1b2db41c90d3bb7
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cd29b87f23473d30622f49dc3b5f4a67bfb35d38c0465bfee8169b6b77fccac7
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 77C08CD328C21CCFBFC0D1A8152C43D365D6B88300F207007C20BC32B5EA1288400AF3
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1746592978.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_6f90000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 81085a1896157df778806f5fc57a07f2d76654d1fb0432e49f1215a3fcbe19e6
                                                                                                                                                                                                                                  • Instruction ID: 3b960f921906720df5b97c3378d98a8c1d1b4c4f00f1fd1c32ac766b749d9cbd
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 81085a1896157df778806f5fc57a07f2d76654d1fb0432e49f1215a3fcbe19e6
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: ACC04C3044170D8BD65467E8F50E7757AA99B52316F441290F649415B08B685490DA76
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1746592978.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_6f90000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 2e1cb02b2e31e9d0f93d68331f6c5c8b467501c9978b9bee00bfaa299930e09c
                                                                                                                                                                                                                                  • Instruction ID: 54ca8e1636a6676c67edcf6b071bc9d88e674c164be82d619560dc63ce622d72
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2e1cb02b2e31e9d0f93d68331f6c5c8b467501c9978b9bee00bfaa299930e09c
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C0D01272418155EFC700DB51DD99C593FF0BF2D20130419C9D5055B366D330A411CB91
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1747796252.0000000008740000.00000040.00000800.00020000.00000000.sdmp, Offset: 08740000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_8740000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 1d6f2623337c38ef8749255ff78b3cbedb78fba73e040c9434c39499d8169e63
                                                                                                                                                                                                                                  • Instruction ID: 61412fa5721fa0801f19765b42d0f6ac58f054d2697597a3f249e516f761f0d5
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1d6f2623337c38ef8749255ff78b3cbedb78fba73e040c9434c39499d8169e63
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 87C00235140108AFC740DF55D445D95BBA9EB59660B1180A1F9484B722C632E9119A90
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1746592978.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_6f90000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: cd0fc04951274114437f2b39ed6c065f33bd881f15a3f5e1fdb6939c2217abe4
                                                                                                                                                                                                                                  • Instruction ID: 0127ac1fc6918c5865b486d659793a35f42cec63f6862472d85cac857a07c32f
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cd0fc04951274114437f2b39ed6c065f33bd881f15a3f5e1fdb6939c2217abe4
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 41B0122700C20CCE7FC021D720391753A1C7344B00B003013A20F309410A31145104F3
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1746592978.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_6f90000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: cb0a4ed2c1de34bd84749449c625a799888e3f86c705b085b646247d8e24863e
                                                                                                                                                                                                                                  • Instruction ID: 27168c0d3fe8c132aca64f37f2b14f6119024dd9e9f30c26eacb003ecce0af0f
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cb0a4ed2c1de34bd84749449c625a799888e3f86c705b085b646247d8e24863e
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BBC04C31B5421EAFFF919A51FF8696D76766B14A01F101550A6027A298D6608501C690
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.1746592978.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_6f90000_haYzNpEpfrrs.jbxd

                                                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                                                  Execution Coverage:10.4%
                                                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                  Signature Coverage:0%
                                                                                                                                                                                                                                  Total number of Nodes:155
                                                                                                                                                                                                                                  Total number of Limit Nodes:9

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 0295B086
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000D.00000002.1853949335.0000000002950000.00000040.00000800.00020000.00000000.sdmp, Offset: 02950000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_2950000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: HandleModule
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 4139908857-0

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 05101E02
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000D.00000002.1868472776.0000000005100000.00000040.00000800.00020000.00000000.sdmp, Offset: 05100000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5100000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CreateWindow
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 716092398-0

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 05101E02
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000D.00000002.1868472776.0000000005100000.00000040.00000800.00020000.00000000.sdmp, Offset: 05100000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5100000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CreateWindow
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 716092398-0

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • CallWindowProcW.USER32(?,?,?,?,?), ref: 05104381
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000D.00000002.1868472776.0000000005100000.00000040.00000800.00020000.00000000.sdmp, Offset: 05100000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5100000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CallProcWindow
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2714655100-0

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • CreateActCtxA.KERNEL32(?), ref: 029559F1
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000D.00000002.1853949335.0000000002950000.00000040.00000800.00020000.00000000.sdmp, Offset: 02950000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_2950000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Create
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2289755597-0

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • CreateActCtxA.KERNEL32(?), ref: 029559F1
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000D.00000002.1853949335.0000000002950000.00000040.00000800.00020000.00000000.sdmp, Offset: 02950000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_2950000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Create
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2289755597-0

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0295D2C6,?,?,?,?,?), ref: 0295D387
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000D.00000002.1853949335.0000000002950000.00000040.00000800.00020000.00000000.sdmp, Offset: 02950000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_2950000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: DuplicateHandle
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3793708945-0

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0295D2C6,?,?,?,?,?), ref: 0295D387
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000D.00000002.1853949335.0000000002950000.00000040.00000800.00020000.00000000.sdmp, Offset: 02950000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_2950000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: DuplicateHandle
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3793708945-0
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • PostMessageW.USER32(?,00000010,00000000,?), ref: 06FB8BD5
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000D.00000002.1876430736.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_6fb0000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: MessagePost
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 410705778-0

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 0295B086
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000D.00000002.1853949335.0000000002950000.00000040.00000800.00020000.00000000.sdmp, Offset: 02950000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_2950000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: HandleModule
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 4139908857-0
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • PostMessageW.USER32(?,00000010,00000000,?), ref: 06FB8BD5
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000D.00000002.1876430736.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_6fb0000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: MessagePost
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 410705778-0
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000D.00000002.1853234368.00000000028FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 028FD000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_28fd000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 27883132dadc937b77d3f465621b01cec7216d0140e0d51c45051de1aea4b844
                                                                                                                                                                                                                                  • Instruction ID: 9e865509e75b2da47ea091ba0eb4f9fddeb616b2f22609e334149bff73d1c855
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 27883132dadc937b77d3f465621b01cec7216d0140e0d51c45051de1aea4b844
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6221287D500204DFDB49DF14D9C4B16BF65FBA4314F24C169DB098B256C33AE456C6A1
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000D.00000002.1853354711.000000000290D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0290D000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_290d000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 15578cb71d078a91370653a27581e0bc285538efa8171d6a61a21f7326aa4a69
                                                                                                                                                                                                                                  • Instruction ID: 5d4938beb71f16a825b429e7ef0be4f6699cc569b16899266032d613d63fe031
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 15578cb71d078a91370653a27581e0bc285538efa8171d6a61a21f7326aa4a69
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BF21F271604208DFDB14DF54D9C4F26BBB9EB84314F20C969D84E4B296C33AD447CA71
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000D.00000002.1853354711.000000000290D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0290D000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_290d000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 3088c0ec5e7e9046fbc3d1eb5a71f5d8d818eeabbcf8559fea00e8da29ec0afa
                                                                                                                                                                                                                                  • Instruction ID: f734e4dfd52c9ff66ee065f733d22db4368ef543b224ec0900fa021e8f7024a1
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3088c0ec5e7e9046fbc3d1eb5a71f5d8d818eeabbcf8559fea00e8da29ec0afa
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B121A1755093C48FCB02CF24D9D4B15BF71EB46214F28C5DAD8498F6A7C33A980ACB62
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000D.00000002.1853234368.00000000028FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 028FD000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_28fd000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                                                                                                                                                                                                  • Instruction ID: 42c52509934fcc2152239f840ac4ce0246b2d99f271d6def6806045860daf243
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9311037A404240CFCB06CF00D5C4B16BF71FB94324F24C2A9DE094B656C33AE45ACBA2
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000D.00000002.1853234368.00000000028FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 028FD000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_28fd000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 37f830d9c5cc88938b580bf567bed4e3fe74eba9ef2156bdb69fddd9b1d5e27b
                                                                                                                                                                                                                                  • Instruction ID: 1833e157f60db5185d011cab8619160220fd5ff48e2fd73bba623ae8ee3f4b8f
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 37f830d9c5cc88938b580bf567bed4e3fe74eba9ef2156bdb69fddd9b1d5e27b
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0501F23900C304DAE7508A2ACD84B67BF98EF41328F08C56AEF088E296D339D880C675
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000D.00000002.1853234368.00000000028FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 028FD000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_28fd000_haYzNpEpfrrs.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: a941548e806ce0891ea8468b917b81a0accd6a8d8ae693afbb00ee6fec606abc
                                                                                                                                                                                                                                  • Instruction ID: 5c4cbffe899148e1ef75ac1c9cce9aa463249038b73a7b6331d1b50ea77b544c
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a941548e806ce0891ea8468b917b81a0accd6a8d8ae693afbb00ee6fec606abc
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2AF06275408344DEE7108A16DC84B66FFA8EF41764F18C45AEE0C4F296D3799844CA71